Windows Analysis Report
lcc222.exe

Overview

General Information

Sample name: lcc222.exe
Analysis ID: 1562225
MD5: 06c6aa662ce822503bc39a1c80169b51
SHA1: 6d152057b2a41eb434208443554816e5a60db444
SHA256: 36b395baef52c38bb9f327a43371a58a030d9a558038c40924f87a54058bbe1d
Tags: exe, malware, trojan, user-Joker

Detection

Score: 30
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • lcc222.exe (PID: 7264 cmdline: "C:\Users\user\Desktop\lcc222.exe" MD5: 06C6AA662CE822503BC39A1C80169B51)
    • lcc222.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\lcc222.exe" MD5: 06C6AA662CE822503BC39A1C80169B51)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted sample. Integrated Neural Analysis Model: Matched 99.3% probability
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7338C0 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB7338C0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7013DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB7013DE
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FFBAB701654
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB77B900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB77B900
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70F910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFBAB70F910
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB726030 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB726030
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7023EC CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB7023EC
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB71C080 CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB71C080
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB702527
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70DFB5 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB70DFB5
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701019 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB701019
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70202C CRYPTO_free,2_2_00007FFBAB70202C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB715F20 CRYPTO_THREAD_run_once,2_2_00007FFBAB715F20
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFBAB701C53
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB763F30 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FFBAB763F30
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB71BF30 CRYPTO_memcmp,2_2_00007FFBAB71BF30
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB76DF40 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FFBAB76DF40
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB705EE0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FFBAB705EE0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FFBAB701B18
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB703EB0 CRYPTO_free,2_2_00007FFBAB703EB0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70107D CRYPTO_free,2_2_00007FFBAB70107D
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702680 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFBAB702680
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB76BE20 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB76BE20
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7025DB CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFBAB7025DB
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FFBAB70150F
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702720 CRYPTO_free,CRYPTO_strdup,2_2_00007FFBAB702720
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702310 ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FFBAB702310
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFBAB70108C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB725E10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB725E10
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB763D20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFBAB763D20
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB725D20 CRYPTO_free,CRYPTO_free,2_2_00007FFBAB725D20
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FFBAB701CEE
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701D89 CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB701D89
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB705C9B CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FFBAB705C9B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB715CB0 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FFBAB715CB0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB713CC0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFBAB713CC0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7023F1 CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB7023F1
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702595 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFBAB702595
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB77B430 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFBAB77B430
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702126 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB702126
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB773480 CRYPTO_free,CRYPTO_strndup,2_2_00007FFBAB773480
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FFBAB701393
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70D3CA CRYPTO_free,2_2_00007FFBAB70D3CA
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701444 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FFBAB701444
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FFBAB701997
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFBAB70195B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,2_2_00007FFBAB701A32
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7392E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB7392E0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7017F8 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB7017F8
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FFBAB70111D
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70B300 CRYPTO_clear_free,2_2_00007FFBAB70B300
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,2_2_00007FFBAB701677
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70D227 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB70D227
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB767230 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFBAB767230
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFBAB701B90
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,2_2_00007FFBAB701262
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701F8C CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFBAB701F8C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB773260 CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB773260
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFBAB701A23
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB749120 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFBAB749120
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7011A9 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFBAB7011A9
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70F160 CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB70F160
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB761170 ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFBAB761170
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB72D170 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,2_2_00007FFBAB72D170
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7014CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFBAB7014CE
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7430A0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFBAB7430A0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7021DF CRYPTO_memcmp,2_2_00007FFBAB7021DF
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702374 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB702374
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7350D8 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFBAB7350D8
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB717840 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFBAB717840
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB719870 CRYPTO_free,CRYPTO_strdup,2_2_00007FFBAB719870
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7577A0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB7577A0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7617A1 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFBAB7617A1
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FFBAB701087
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7757FE CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB7757FE
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB701023
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB751750 CRYPTO_free,CRYPTO_memdup,2_2_00007FFBAB751750
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7011BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB7011BD
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7012CB CRYPTO_THREAD_run_once,2_2_00007FFBAB7012CB
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7456D0 CRYPTO_free,2_2_00007FFBAB7456D0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB711620 CRYPTO_free,CRYPTO_strndup,2_2_00007FFBAB711620
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB773650 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,2_2_00007FFBAB773650
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70F650 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FFBAB70F650
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB76B660 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFBAB76B660
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702469 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFBAB702469
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7021E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFBAB7021E9
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701181 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB701181
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB702379 CRYPTO_free,2_2_00007FFBAB702379
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,2_2_00007FFBAB70110E
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB70193D
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB757570 CRYPTO_realloc,2_2_00007FFBAB757570
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7020F4 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFBAB7020F4
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701EDD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFBAB701EDD
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7514E0 CRYPTO_memcmp,2_2_00007FFBAB7514E0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB701992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FFBAB701992
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB72D510 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FFBAB72D510
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB1885218 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,2_2_00007FFBB1885218
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB1884F60 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,2_2_00007FFBB1884F60
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB62918C0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,2_2_00007FFBB62918C0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB6296344 CRYPTO_memcmp,2_2_00007FFBB6296344
Source: lcc222.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: lcc222.exe, 00000000.00000003.1387312374.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643298480.00007FFBC3133000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: lcc222.exe, 00000000.00000003.1387486648.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642175555.00007FFBAB66F000.00000002.00000001.01000000.00000011.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9F2A000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: lcc222.exe, 00000000.00000003.1379843975.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642923064.00007FFBB6297000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: lcc222.exe, 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: lcc222.exe, 00000000.00000003.1380012134.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"; OpenSSL 3.0.15 3 Sep 2024; built on: Wed Sep 4 15:52:04 2024 UTC; platform: VC-WIN64A-masm; OPENSSLDIR: "C:\Program Files\Common Files\SSL"; ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"; MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"; CPUINFO: N/A
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: lcc222.exe, 00000000.00000003.1380193680.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643218174.00007FFBBC343000.00000002.00000001.01000000.0000000C.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: lcc222.exe, 00000000.00000003.1380012134.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: lcc222.exe, 00000000.00000003.1379492399.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642560971.00007FFBAB6EE000.00000002.00000001.01000000.0000000D.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: lcc222.exe, 00000000.00000003.1379327235.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643079206.00007FFBBBDA3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9E92000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: lcc222.exe, 00000000.00000003.1379327235.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643079206.00007FFBBBDA3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9F2A000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: lcc222.exe, 00000000.00000003.1380341133.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: lcc222.exe, 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: lcc222.exe, 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\lcc222.exe Code function: 0_2_00007FF6CA239280 FindFirstFileExW,FindClose,0_2_00007FF6CA239280
Source: C:\Users\user\Desktop\lcc222.exe Code function: 0_2_00007FF6CA2383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6CA2383C0
Source: C:\Users\user\Desktop\lcc222.exe Code function: 0_2_00007FF6CA251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6CA251874
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FF6CA239280 FindFirstFileExW,FindClose,2_2_00007FF6CA239280
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FF6CA2383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6CA2383C0
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FF6CA251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6CA251874
Source: Joe Sandbox View IP Address: 172.66.0.235
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FFBBB6D65E8 memset,recvfrom,2_2_00007FFBBB6D65E8
Source: global traffic DNS traffic detected: DNS query: pub-df330fbbea624b19b9a4fa4f71271742.r2.dev
Source: lcc222.exe, 00000002.00000002.2640227518.000001D634820000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: lcc222.exe, 00000002.00000002.2639548169.000001D634020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: lcc222.exe, 00000002.00000002.2639687361.000001D634220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: lcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: lcc222.exe, 00000002.00000002.2640227518.000001D6348E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: lcc222.exe, 00000002.00000002.2638869887.000001D633810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: lcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: lcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: lcc222.exe, 00000002.00000003.1398565783.000001D633DAC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1398448076.000001D633E33000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: lcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: lcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: lcc222.exe, 00000002.00000002.2639548169.000001D634020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: lcc222.exe, 00000002.00000003.1406902541.000001D633E9A000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: lcc222.exe, 00000002.00000002.2640227518.000001D634820000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: lcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: lcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/32902
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633EDC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634220000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B20000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633EDC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634220000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: lcc222.exe, 00000002.00000002.2639018435.000001D633B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: lcc222.exe, 00000002.00000003.1406902541.000001D633E9A000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633E97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: lcc222.exe, 00000002.00000002.2639018435.000001D633B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: lcc222.exe, 00000002.00000002.2640340509.000001D634920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: lcc222.exe, 00000002.00000003.1398565783.000001D633DAC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1397269600.000001D633DE6000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1394281836.000001D633DD1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1395921085.000001D633DEA000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1402872571.000001D633DDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: lcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: lcc222.exe, 00000002.00000002.2639687361.000001D6342C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: lcc222.exe, 00000002.00000002.2639687361.000001D6343AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: lcc222.exe, 00000002.00000002.2639617164.000001D634120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: lcc222.exe, 00000002.00000002.2639107806.000001D633C20000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
Source: lcc222.exe, 00000002.00000002.2640340509.000001D634990000.00000004.00001000.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2638869887.000001D633810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zip
Source: lcc222.exe, 00000002.00000002.2640340509.000001D634990000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zip0
Source: lcc222.exe, 00000002.00000002.2638869887.000001D633810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zipdd
Source: lcc222.exe, 00000002.00000002.2640340509.000001D634920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: lcc222.exe, 00000002.00000003.1406902541.000001D633E23000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633E23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633EDC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: lcc222.exe, 00000002.00000003.1406902541.000001D633DFF000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html
Source: lcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D6342C1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406859944.000001D6342F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: lcc222.exe, 00000002.00000002.2640083651.000001D634620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: lcc222.exe, 00000000.00000003.1384321042.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp, lcc222.exe, 00000002.00000002.2641361232.00007FFBA9FD4000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr, libssl-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: lcc222.exe, 00000002.00000003.1398565783.000001D633DAC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1397269600.000001D633DE6000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1394281836.000001D633DD1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1395921085.000001D633DEA000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1402872571.000001D633DDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: lcc222.exe, 00000002.00000002.2639687361.000001D6343AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: lcc222.exe, 00000002.00000002.2641872223.00007FFBAA8F8000.00000008.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/
Source: lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drString found in binary or memory: https://www.python.org/psf/license/)
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634520000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633EDC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634220000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: lcc222.exe, 00000000.00000003.1379327235.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1387312374.000001F8625F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1380193680.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1379843975.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1384321042.000001F8625F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1379492399.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1380341133.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1379643311.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1380519987.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1387486648.000001F8625F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs lcc222.exe
Source: lcc222.exe, 00000000.00000003.1380012134.000001F8625F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs lcc222.exe
Source: lcc222.exeBinary or memory string: OriginalFilename vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenamelibsslH vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2641361232.00007FFBA9FD4000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2643031110.00007FFBBB6E3000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2643110999.00007FFBBBDA9000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2643248571.00007FFBBC346000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2643331694.00007FFBC3136000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642953090.00007FFBB629E000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642122758.00007FFBAAA21000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642592277.00007FFBAB6F3000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs lcc222.exe
Source: lcc222.exe, 00000002.00000002.2642339969.00007FFBAB674000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs lcc222.exe
Source: classification engineClassification label: sus30.winEXE@3/17@1/1
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642Jump to behavior
Source: lcc222.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\lcc222.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeFile read: C:\Users\user\Desktop\lcc222.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\lcc222.exe "C:\Users\user\Desktop\lcc222.exe"
Source: C:\Users\user\Desktop\lcc222.exeProcess created: C:\Users\user\Desktop\lcc222.exe "C:\Users\user\Desktop\lcc222.exe"
Source: C:\Users\user\Desktop\lcc222.exeProcess created: C:\Users\user\Desktop\lcc222.exe "C:\Users\user\Desktop\lcc222.exe"Jump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeSection loaded: wintypes.dllJump to behavior
Source: lcc222.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: lcc222.exeStatic file information: File size 8547622 > 1048576
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: lcc222.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: lcc222.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: lcc222.exe, 00000000.00000003.1387312374.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643298480.00007FFBC3133000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: lcc222.exe, 00000000.00000003.1387486648.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642175555.00007FFBAB66F000.00000002.00000001.01000000.00000011.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9F2A000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: lcc222.exe, 00000000.00000003.1379843975.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642923064.00007FFBB6297000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: lcc222.exe, 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: lcc222.exe, 00000000.00000003.1380012134.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: lcc222.exe, 00000000.00000003.1380193680.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643218174.00007FFBBC343000.00000002.00000001.01000000.0000000C.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: lcc222.exe, 00000000.00000003.1380012134.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: lcc222.exe, 00000000.00000003.1379492399.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642560971.00007FFBAB6EE000.00000002.00000001.01000000.0000000D.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: lcc222.exe, 00000000.00000003.1379327235.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643079206.00007FFBBBDA3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9E92000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: lcc222.exe, 00000000.00000003.1379327235.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2643079206.00007FFBBBDA3000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: lcc222.exe, 00000002.00000002.2641163696.00007FFBA9F2A000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: lcc222.exe, 00000000.00000003.1380341133.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: lcc222.exe, 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: lcc222.exe, 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp, _ssl.pyd.0.dr
Source: lcc222.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: lcc222.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: lcc222.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: lcc222.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: lcc222.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6E9B0C push 82000085h; retn 0000h2_2_00007FFBAB6E9B11
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB724331 push rcx; ret 2_2_00007FFBAB724332
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B80A0 push rbp; retf 2_2_00007FFBAB7B80A3
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8020 push rbp; retf 2_2_00007FFBAB7B8023
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8038 push rsp; retf 2_2_00007FFBAB7B803B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8030 push rbp; retf 2_2_00007FFBAB7B804B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8048 push rbp; retf 2_2_00007FFBAB7B804B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8098 push rsi; retf 2_2_00007FFBAB7B809B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8008 push rbp; retf 2_2_00007FFBAB7B800B
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA235830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6CA235830
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB748816 sgdt fword ptr [rax]2_2_00007FFBAB748816
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\lcc222.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17560
Source: C:\Users\user\Desktop\lcc222.exeAPI coverage: 1.4 %
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA239280 FindFirstFileExW,FindClose,0_2_00007FF6CA239280
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA2383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6CA2383C0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6CA251874
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA239280 FindFirstFileExW,FindClose,2_2_00007FF6CA239280
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA2383C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6CA2383C0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA251874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6CA251874
Source: lcc222.exe, 00000000.00000003.1381716328.000001F8625F1000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: lcc222.exe, 00000002.00000002.2639181153.000001D633D51000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000003.1406902541.000001D633D7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA23D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CA23D12C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA253480 GetProcessHeap,0_2_00007FF6CA253480
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA23D30C SetUnhandledExceptionFilter,0_2_00007FF6CA23D30C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA23C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6CA23C8A0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA24A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CA24A614
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA23D30C SetUnhandledExceptionFilter,2_2_00007FF6CA23D30C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA23C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6CA23C8A0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA23D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6CA23D12C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FF6CA24A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6CA24A614
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB562A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB562A70
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB563028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB563028
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6942E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB6942E8
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB693D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB693D20
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6C3E60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB6C3E60
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6C38A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB6C38A0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6EAA7C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB6EAA7C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB6EA050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAB6EA050
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8030 RtlLookupFunctionEntry,SetUnhandledExceptionFilter,2_2_00007FFBAB7B8030
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB7B8048 SetUnhandledExceptionFilter,2_2_00007FFBAB7B8048
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBAB70212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAB70212B
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB188314C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBB188314C
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB1882720 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBB1882720
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB6294620 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBB6294620
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBB6294060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBB6294060
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBB6D2D70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBBB6D2D70
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBB6D3328 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBBB6D3328
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBBDA0AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBBBDA0AA8
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBC151430 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBBC151430
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBC151A00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBBC151A00
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBC341710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBBC341710
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBBC341CD0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBBC341CD0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBC3131AA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBC3131AA0
Source: C:\Users\user\Desktop\lcc222.exeCode function: 2_2_00007FFBC31314E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBC31314E0
Source: C:\Users\user\Desktop\lcc222.exeProcess created: C:\Users\user\Desktop\lcc222.exe "C:\Users\user\Desktop\lcc222.exe"Jump to behavior
Source: C:\Users\user\Desktop\lcc222.exeCode function: 0_2_00007FF6CA259570 cpuid 0_2_00007FF6CA259570
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\certifi VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\Desktop\lcc222.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\lcc222.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI72642 VolumeInformation
Source: C:\Users\user\Desktop\lcc222.exe Code function: 0_2_00007FF6CA23D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6CA23D010
Source: C:\Users\user\Desktop\lcc222.exe Code function: 0_2_00007FF6CA255C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6CA255C00
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FFBBB6D50C0 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFBBB6D50C0
Source: C:\Users\user\Desktop\lcc222.exe Code function: 2_2_00007FFBBB6D60CC _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFBBB6D60CC
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| lcc222.exe | 5% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI72642\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\python312.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI72642\unicodedata.pyd | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zip0 | 0% | Avira URL Cloud | safe | |
| https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zip | 0% | Avira URL Cloud | safe | |
| https://pub-df330fbbea624b19b9a4fa4f71271742.r2.dev/windows.zipdd | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| pub-df330fbbea624b19b9a4fa4f71271742.r2.dev | 172.66.0.235 | true | false | | unknown |
                                                                                                                                                  high
                                                                                                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.accv.es/legislacion_c.htmlcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://tools.ietf.org/html/rfc6125#section-6.4.3lcc222.exe, 00000002.00000002.2640227518.000001D634820000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://crl.xrampsecurity.com/XGCA.crl0lcc222.exe, 00000002.00000002.2639687361.000001D6343AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.openssl.org/Hlcc222.exe, 00000000.00000003.1384321042.000001F8625F2000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp, lcc222.exe, 00000002.00000002.2641361232.00007FFBA9FD4000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr, libssl-3.dll.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://crl.certigna.fr/certignarootca.crl01lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634520000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.cert.fnmt.es/dpcs/lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634346000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://docs.python.org/3/library/socket.html#socket.socket.connect_exlcc222.exe, 00000002.00000002.2640227518.000001D634820000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://google.com/maillcc222.exe, 00000002.00000002.2639181153.000001D633EDC000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639687361.000001D634220000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639018435.000001D633B20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://packaging.python.org/specifications/entry-points/lcc222.exe, 00000002.00000002.2639617164.000001D634120000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.accv.es00lcc222.exe, 00000002.00000002.2639687361.000001D6344C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.python.org/psf/license/)lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pylcc222.exe, 00000002.00000002.2638719821.000001D631F21000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacylcc222.exe, 00000002.00000002.2640153988.000001D634720000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crl.securetrust.com/STCA.crlPlcc222.exe, 00000002.00000002.2639687361.000001D63444A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://peps.python.org/pep-0263/lcc222.exe, 00000002.00000002.2641573933.00007FFBAA782000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://foss.heptapod.net/pypy/pypy/-/issues/3539lcc222.exe, 00000002.00000002.2639548169.000001D634020000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.lcc222.exe, 00000002.00000003.1406902541.000001D633E9A000.00000004.00000020.00020000.00000000.sdmp, lcc222.exe, 00000002.00000002.2639181153.000001D633E97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://github.com/psf/requests/pull/6710lcc222.exe, 00000002.00000002.2640227518.000001D6348E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                        • 75% < No. of IPs
IP: 172.66.0.235
Domain: pub-df330fbbea624b19b9a4fa4f71271742.r2.dev
Country: United States
ASN: 13335
ASN Name: CLOUDFLARENETUS
Malicious: false
                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                        Analysis ID:1562225
                                                                                                                                                                                        Start date and time:2024-11-25 11:10:12 +01:00
                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                        Overall analysis duration:0h 7m 7s
                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                        Report type:full
                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                        Number of analysed new started processes analysed:7
                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                        Technologies:
                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                        Sample name:lcc222.exe
                                                                                                                                                                                        Detection:SUS
                                                                                                                                                                                        Classification:sus30.winEXE@3/17@1/1
                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                        • VT rate limit hit for: lcc222.exe
                                                                                                                                                                                        No simulations
                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        No context
                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI72642\VCRUNTIME140.dll | main.exe | Get hash | malicious | Blank Grabber, SilentXMRMiner, Xmrig | Browse |
 | akame.exe | Get hash | malicious | Blank Grabber | Browse |
 | dens.exe | Get hash | malicious | Python Stealer, Exela Stealer, Waltuhium Grabber | Browse |
 | client.exe | Get hash | malicious | Unknown | Browse |
 | client.exe | Get hash | malicious | Unknown | Browse |
 | Runtime.exe | Get hash | malicious | Unknown | Browse |
 | #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe | Get hash | malicious | Blank Grabber, Creal Stealer | Browse |
 | Built.exe | Get hash | malicious | Blank Grabber | Browse |
 | windows update.exe | Get hash | malicious | Unknown | Browse |
 | w32e.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):119192
                                                                                                                                                                                                            Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                            MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                            SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                            SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                            SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                            • Filename: main.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: akame.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: dens.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: Runtime.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: Built.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: windows update.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: w32e.exe, Detection: malicious, Browse
                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):85272
                                                                                                                                                                                                            Entropy (8bit):6.591841805043941
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                                                                                                                                                                            MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                                                                                                                                                                            SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                                                                                                                                                                            SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                                                                                                                                                                            SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):257304
                                                                                                                                                                                                            Entropy (8bit):6.565831509727426
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                                                                                                                                                                            MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                                                                                                                                                                            SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                                                                                                                                                                            SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                                                                                                                                                                            SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):66328
                                                                                                                                                                                                            Entropy (8bit):6.227186392528159
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                                                                                                                                                                            MD5:A25BC2B21B555293554D7F611EAA75EA
                                                                                                                                                                                                            SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                                                                                                                                                                            SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                                                                                                                                                                            SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):160024
                                                                                                                                                                                                            Entropy (8bit):6.85410280956396
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                                                                                                                                                                            MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                                                                                                                                                                            SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                                                                                                                                                                            SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                                                                                                                                                                            SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32536
                                                                                                                                                                                                            Entropy (8bit):6.553382348933807
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:WlzRmezj6rGqMoW45IMQUHR5YiSyvMcAMxkEm2j:yRm0mGpoW45IMQUHf7SyVxb
                                                                                                                                                                                                            MD5:E1C6FF3C48D1CA755FB8A2BA700243B2
                                                                                                                                                                                                            SHA1:2F2D4C0F429B8A7144D65B179BEAB2D760396BFB
                                                                                                                                                                                                            SHA-256:0A6ACFD24DFBAA777460C6D003F71AF473D5415607807973A382512F77D075FA
                                                                                                                                                                                                            SHA-512:55BFD1A848F2A70A7A55626FB84086689F867A79F09726C825522D8530F4E83708EB7CAA7F7869155D3AE48F3B6AA583B556F3971A2F3412626AE76680E83CA1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):83736
                                                                                                                                                                                                            Entropy (8bit):6.3186936632343205
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                                                                                                                                                                            MD5:69801D1A0809C52DB984602CA2653541
                                                                                                                                                                                                            SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                                                                                                                                                                            SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                                                                                                                                                                            SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):178456
                                                                                                                                                                                                            Entropy (8bit):5.975111032322451
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:9EkiCZfBmvD1ZLnM2YfW6XSvWJLX2GvMf1ba+VRJNI7IM/H9o/PCrXuI3JVIMC7g:riC5QD1dwW6XSOMfjTwJH
                                                                                                                                                                                                            MD5:90F080C53A2B7E23A5EFD5FD3806F352
                                                                                                                                                                                                            SHA1:E3B339533BC906688B4D885BDC29626FBB9DF2FE
                                                                                                                                                                                                            SHA-256:FA5E6FE9545F83704F78316E27446A0026FBEBB9C0C3C63FAED73A12D89784D4
                                                                                                                                                                                                            SHA-512:4B9B8899052C1E34675985088D39FE7C95BFD1BBCE6FD5CBAC8B1E61EDA2FBB253EEF21F8A5362EA624E8B1696F1E46C366835025AABCB7AA66C1E6709AAB58A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1332808
                                                                                                                                                                                                            Entropy (8bit):5.586996633599356
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:rclJGUq/aLmn9vc+fYNXPh26UZWAzbX7jg/yquPxGhpdmFPpH71dAt/RO2/HU3:rclJGUza9zb/gXOOpdmFPNLAg2/HU3
                                                                                                                                                                                                            MD5:FE165DF1DB950B64688A2E617B4ACA88
                                                                                                                                                                                                            SHA1:71CAE64D1EDD9931EF75E8EF28E812E518B14DDE
                                                                                                                                                                                                            SHA-256:071241AC0FD6E733147A71625DE5EAD3D7702E73F8D1CBEBF3D772CBDCE0BE35
                                                                                                                                                                                                            SHA-512:E492A6278676EF944363149A503C7FADE9D229BDDCE7AFA919F5E72138F49557619B0BDBA68F523FFFE7FBCA2CCFD5E3269355FEBAF01F4830C1A4CC67D2E513
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):299427
                                                                                                                                                                                                            Entropy (8bit):6.047872935262006
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                            MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                            SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                            SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                            SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                            Entropy (8bit):4.674392865869017
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                            MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                            SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                            SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                            SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):122880
                                                                                                                                                                                                            Entropy (8bit):5.917175475547778
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                            MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                            SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                            SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                            SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5232408
                                                                                                                                                                                                            Entropy (8bit):5.940072183736028
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                            MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                            SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                            SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                            SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):792856
                                                                                                                                                                                                            Entropy (8bit):5.57949182561317
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                            MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                            SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                            SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                            SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6927640
                                                                                                                                                                                                            Entropy (8bit):5.765552513907485
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                                                                                                                                                                            MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                                                                                                                                                                            SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                                                                                                                                                                            SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                                                                                                                                                                            SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):31000
                                                                                                                                                                                                            Entropy (8bit):6.556986708902353
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                                                                                                                                                                            MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                                                                                                                                                                            SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                                                                                                                                                                            SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                                                                                                                                                                            SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1138456
                                                                                                                                                                                                            Entropy (8bit):5.4620027688967845
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                                                                                                                                                                            MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                                                                                                                                                                            SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                                                                                                                                                                            SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                                                                                                                                                                            SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.99210468630329
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                            • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                            File name:lcc222.exe
                                                                                                                                                                                                            File size:8'547'622 bytes
                                                                                                                                                                                                            MD5:06c6aa662ce822503bc39a1c80169b51
                                                                                                                                                                                                            SHA1:6d152057b2a41eb434208443554816e5a60db444
                                                                                                                                                                                                            SHA256:36b395baef52c38bb9f327a43371a58a030d9a558038c40924f87a54058bbe1d
                                                                                                                                                                                                            SHA512:c50d54696370b58ecf5ec727945fd78c0da95374f0ee4bac292ab733656f98f655d2b64b4f7d1178fdc1fa43ceebfa8eee51246f6afaafbff866fba6934ff7ad
                                                                                                                                                                                                            SSDEEP:196608:+DCOwVEo+2XMCHGLLc54i1wN+4jXx5nDasqWQ2dTNUGqlS+iITxemA60x:OCVVEb2XMCHWUjQjx5WsqWxTwDT8iA
                                                                                                                                                                                                            TLSH:5D86335553E04CE5F8F7443D98A6945ABA72F8570764CA9F939C12E20E332D0BE7CB22
                                                                                                                                                                                                            Icon Hash:4a464cd47461e179
                                                                                                                                                                                                            Entrypoint:0x14000cdb0
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                            Time Stamp:0x673E290A [Wed Nov 20 18:23:06 2024 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xf41c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x57000 | 0x764 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x29f00 | 0x2a000 | a6c3b829cc8eaabb1a474c227e90407f | False | 0.5514206659226191 | data | 6.487493643901088 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12a50 | 0x12c00 | 53466b843f7d316c4f1a16a153b09a59 | False | 0.5245182291666667 | data | 5.752782579598745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x44000 | 0x2250 | 0x2400 | 181312260a85d10a1454ba38901c499b | False | 0.4705946180555556 | data | 5.290347578351011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x47000 | 0xf41c | 0xf600 | 455788c285fcfdcb4008bc77e762818a | False | 0.803099593495935 | data | 7.5549760623589695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x57000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x47208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x480b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x48958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x48ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x523ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x54994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x55a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x55ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x55f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
| --- | --- |
| USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Nov 25, 2024 11:11:09.588572025 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:09.588618040 CET | 443 | 49707 | 172.66.0.235 | 192.168.2.8 |
| Nov 25, 2024 11:11:09.588713884 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:09.589618921 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:09.589634895 CET | 443 | 49707 | 172.66.0.235 | 192.168.2.8 |
| Nov 25, 2024 11:11:10.853543043 CET | 443 | 49707 | 172.66.0.235 | 192.168.2.8 |
| Nov 25, 2024 11:11:10.855004072 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:10.855031967 CET | 443 | 49707 | 172.66.0.235 | 192.168.2.8 |
| Nov 25, 2024 11:11:10.856436014 CET | 443 | 49707 | 172.66.0.235 | 192.168.2.8 |
| Nov 25, 2024 11:11:10.856501102 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:10.860919952 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |
| Nov 25, 2024 11:11:10.861083031 CET | 49707 | 443 | 192.168.2.8 | 172.66.0.235 |

                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                            Nov 25, 2024 11:11:09.320950031 CET5450853192.168.2.81.1.1.1
                                                                                                                                                                                                            Nov 25, 2024 11:11:09.574898958 CET53545081.1.1.1192.168.2.8
                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                            Nov 25, 2024 11:11:09.320950031 CET192.168.2.81.1.1.10x6cb2Standard query (0)pub-df330fbbea624b19b9a4fa4f71271742.r2.devA (IP address)IN (0x0001)false
                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                            Nov 25, 2024 11:11:09.574898958 CET1.1.1.1192.168.2.80x6cb2No error (0)pub-df330fbbea624b19b9a4fa4f71271742.r2.dev172.66.0.235A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Nov 25, 2024 11:11:09.574898958 CET1.1.1.1192.168.2.80x6cb2No error (0)pub-df330fbbea624b19b9a4fa4f71271742.r2.dev162.159.140.237A (IP address)IN (0x0001)false

Target ID: 0
Start time: 05:11:04
Start date: 25/11/2024
Path: C:\Users\user\Desktop\lcc222.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\lcc222.exe"
Imagebase: 0x7ff6ca230000
File size: 8'547'622 bytes
MD5 hash: 06C6AA662CE822503BC39A1C80169B51
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 05:11:05
Start date: 25/11/2024
Path: C:\Users\user\Desktop\lcc222.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\lcc222.exe"
Imagebase: 0x7ff6ca230000
File size: 8'547'622 bytes
MD5 hash: 06C6AA662CE822503BC39A1C80169B51
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Execution Graph

Execution Coverage: 9.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 20%
Total number of Nodes: 2000
Total number of Limit Nodes: 36
19366->19367 19368 7ff6ca2562c6 19367->19368 19370 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 19368->19370 19371 7ff6ca244f4c 45 API calls 19369->19371 19372 7ff6ca2562d1 19369->19372 19370->19372 19371->19372 19372->19032 19374 7ff6ca244f4c 45 API calls 19373->19374 19375 7ff6ca258f71 19374->19375 19378 7ff6ca258bc8 19375->19378 19380 7ff6ca258c16 19378->19380 19379 7ff6ca23c550 _log10_special 8 API calls 19381 7ff6ca257205 19379->19381 19382 7ff6ca258c9d 19380->19382 19384 7ff6ca258c88 GetCPInfo 19380->19384 19387 7ff6ca258ca1 19380->19387 19381->19032 19381->19058 19383 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19382->19383 19382->19387 19385 7ff6ca258d35 19383->19385 19384->19382 19384->19387 19386 7ff6ca24d5fc _fread_nolock 12 API calls 19385->19386 19385->19387 19388 7ff6ca258d6c 19385->19388 19386->19388 19387->19379 19388->19387 19389 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19388->19389 19390 7ff6ca258dda 19389->19390 19391 7ff6ca258ebc 19390->19391 19392 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19390->19392 19391->19387 19393 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19391->19393 19394 7ff6ca258e00 19392->19394 19393->19387 19394->19391 19395 7ff6ca24d5fc _fread_nolock 12 API calls 19394->19395 19396 7ff6ca258e2d 19394->19396 19395->19396 19396->19391 19397 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19396->19397 19398 7ff6ca258ea4 19397->19398 19399 7ff6ca258eaa 19398->19399 19400 7ff6ca258ec4 19398->19400 19399->19391 19403 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19399->19403 19407 7ff6ca24ef68 19400->19407 19403->19391 19404 7ff6ca258f03 19404->19387 19406 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19404->19406 19405 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19405->19404 19406->19387 19408 7ff6ca24ed10 __crtLCMapStringW 5 API calls 19407->19408 19409 7ff6ca24efa6 19408->19409 19410 
7ff6ca24f1d0 __crtLCMapStringW 5 API calls 19409->19410 19412 7ff6ca24efae 19409->19412 19411 7ff6ca24f017 CompareStringW 19410->19411 19411->19412 19412->19404 19412->19405 19414 7ff6ca257c5a HeapSize 19413->19414 19415 7ff6ca257c41 19413->19415 19416 7ff6ca244f08 memcpy_s 11 API calls 19415->19416 19417 7ff6ca257c46 19416->19417 19418 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 19417->19418 19419 7ff6ca257c51 19418->19419 19419->19063 19421 7ff6ca257c89 19420->19421 19422 7ff6ca257c93 19420->19422 19423 7ff6ca24d5fc _fread_nolock 12 API calls 19421->19423 19424 7ff6ca257c98 19422->19424 19430 7ff6ca257c9f memcpy_s 19422->19430 19429 7ff6ca257c91 19423->19429 19425 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19424->19425 19425->19429 19426 7ff6ca257cd2 HeapReAlloc 19426->19429 19426->19430 19427 7ff6ca257ca5 19428 7ff6ca244f08 memcpy_s 11 API calls 19427->19428 19428->19429 19429->19066 19430->19426 19430->19427 19431 7ff6ca253590 memcpy_s 2 API calls 19430->19431 19431->19430 19433 7ff6ca24ed10 __crtLCMapStringW 5 API calls 19432->19433 19434 7ff6ca24ef44 19433->19434 19434->19072 19436 7ff6ca2454d6 19435->19436 19437 7ff6ca2454fa 19435->19437 19441 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19436->19441 19444 7ff6ca2454e5 19436->19444 19438 7ff6ca2454ff 19437->19438 19439 7ff6ca245554 19437->19439 19442 7ff6ca245514 19438->19442 19438->19444 19445 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19438->19445 19440 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19439->19440 19452 7ff6ca245570 19440->19452 19441->19444 19446 7ff6ca24d5fc _fread_nolock 12 API calls 19442->19446 19443 7ff6ca245577 GetLastError 19447 7ff6ca244e7c _fread_nolock 11 API calls 19443->19447 19444->19075 19444->19076 19445->19442 19446->19444 19450 7ff6ca245584 19447->19450 19448 7ff6ca2455b2 19448->19444 19449 7ff6ca24f8a0 _fread_nolock MultiByteToWideChar 19448->19449 19453 7ff6ca2455f6 
19449->19453 19454 7ff6ca244f08 memcpy_s 11 API calls 19450->19454 19451 7ff6ca2455a5 19456 7ff6ca24d5fc _fread_nolock 12 API calls 19451->19456 19452->19443 19452->19448 19452->19451 19455 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19452->19455 19453->19443 19453->19444 19454->19444 19455->19451 19456->19448 19458 7ff6ca249225 19457->19458 19465 7ff6ca249221 19457->19465 19478 7ff6ca252a3c GetEnvironmentStringsW 19458->19478 19461 7ff6ca249232 19463 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19461->19463 19462 7ff6ca24923e 19485 7ff6ca24938c 19462->19485 19463->19465 19465->19103 19470 7ff6ca2495cc 19465->19470 19467 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19468 7ff6ca249265 19467->19468 19469 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19468->19469 19469->19465 19471 7ff6ca2495ef 19470->19471 19476 7ff6ca249606 19470->19476 19471->19103 19472 7ff6ca24f8a0 MultiByteToWideChar _fread_nolock 19472->19476 19473 7ff6ca24eb98 memcpy_s 11 API calls 19473->19476 19474 7ff6ca24967a 19475 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19474->19475 19475->19471 19476->19471 19476->19472 19476->19473 19476->19474 19477 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19476->19477 19477->19476 19479 7ff6ca24922a 19478->19479 19480 7ff6ca252a60 19478->19480 19479->19461 19479->19462 19481 7ff6ca24d5fc _fread_nolock 12 API calls 19480->19481 19482 7ff6ca252a97 memcpy_s 19481->19482 19483 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19482->19483 19484 7ff6ca252ab7 FreeEnvironmentStringsW 19483->19484 19484->19479 19486 7ff6ca2493b4 19485->19486 19487 7ff6ca24eb98 memcpy_s 11 API calls 19486->19487 19499 7ff6ca2493ef 19487->19499 19488 7ff6ca2493f7 19489 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19488->19489 19490 7ff6ca249246 
19489->19490 19490->19467 19491 7ff6ca249471 19492 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19491->19492 19492->19490 19493 7ff6ca24eb98 memcpy_s 11 API calls 19493->19499 19494 7ff6ca249460 19496 7ff6ca2494a8 11 API calls 19494->19496 19495 7ff6ca250474 37 API calls 19495->19499 19497 7ff6ca249468 19496->19497 19500 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19497->19500 19498 7ff6ca249494 19501 7ff6ca24a900 _isindst 17 API calls 19498->19501 19499->19488 19499->19491 19499->19493 19499->19494 19499->19495 19499->19498 19502 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19499->19502 19500->19488 19503 7ff6ca2494a6 19501->19503 19502->19499 19505 7ff6ca258b31 __crtLCMapStringW 19504->19505 19506 7ff6ca24ef68 6 API calls 19505->19506 19507 7ff6ca2570ee 19505->19507 19506->19507 19507->19130 19507->19131 19639 7ff6ca23cb50 19640 7ff6ca23cb60 19639->19640 19656 7ff6ca249ba8 19640->19656 19642 7ff6ca23cb6c 19662 7ff6ca23ce48 19642->19662 19644 7ff6ca23cbd9 19646 7ff6ca23d12c 7 API calls 19644->19646 19655 7ff6ca23cbf5 19644->19655 19645 7ff6ca23cb84 _RTC_Initialize 19645->19644 19667 7ff6ca23cff8 19645->19667 19647 7ff6ca23cc05 19646->19647 19649 7ff6ca23cb99 19670 7ff6ca249014 19649->19670 19657 7ff6ca249bb9 19656->19657 19658 7ff6ca249bc1 19657->19658 19659 7ff6ca244f08 memcpy_s 11 API calls 19657->19659 19658->19642 19660 7ff6ca249bd0 19659->19660 19661 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 19660->19661 19661->19658 19663 7ff6ca23ce59 19662->19663 19666 7ff6ca23ce5e __scrt_release_startup_lock 19662->19666 19664 7ff6ca23d12c 7 API calls 19663->19664 19663->19666 19665 7ff6ca23ced2 19664->19665 19666->19645 19695 7ff6ca23cfbc 19667->19695 19669 7ff6ca23d001 19669->19649 19671 7ff6ca23cba5 19670->19671 19672 7ff6ca249034 19670->19672 19671->19644 19694 7ff6ca23d0cc InitializeSListHead 19671->19694 19673 7ff6ca24903c 19672->19673 19674 7ff6ca249052 
GetModuleFileNameW 19672->19674 19675 7ff6ca244f08 memcpy_s 11 API calls 19673->19675 19678 7ff6ca24907d 19674->19678 19676 7ff6ca249041 19675->19676 19677 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 19676->19677 19677->19671 19710 7ff6ca248fb4 19678->19710 19681 7ff6ca2490c5 19682 7ff6ca244f08 memcpy_s 11 API calls 19681->19682 19683 7ff6ca2490ca 19682->19683 19684 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19683->19684 19684->19671 19685 7ff6ca2490dd 19686 7ff6ca2490ff 19685->19686 19688 7ff6ca24912b 19685->19688 19689 7ff6ca249144 19685->19689 19687 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19686->19687 19687->19671 19690 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19688->19690 19691 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19689->19691 19692 7ff6ca249134 19690->19692 19691->19686 19693 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19692->19693 19693->19671 19696 7ff6ca23cfd6 19695->19696 19698 7ff6ca23cfcf 19695->19698 19699 7ff6ca24a1ec 19696->19699 19698->19669 19702 7ff6ca249e28 19699->19702 19709 7ff6ca2502d8 EnterCriticalSection 19702->19709 19711 7ff6ca248fcc 19710->19711 19712 7ff6ca249004 19710->19712 19711->19712 19713 7ff6ca24eb98 memcpy_s 11 API calls 19711->19713 19712->19681 19712->19685 19714 7ff6ca248ffa 19713->19714 19715 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19714->19715 19715->19712 19716 7ff6ca249d50 19719 7ff6ca249ccc 19716->19719 19726 7ff6ca2502d8 EnterCriticalSection 19719->19726 19833 7ff6ca24afd0 19834 7ff6ca24afd5 19833->19834 19835 7ff6ca24afea 19833->19835 19839 7ff6ca24aff0 19834->19839 19840 7ff6ca24b032 19839->19840 19841 7ff6ca24b03a 19839->19841 19843 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19840->19843 19842 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 
19841->19842 19844 7ff6ca24b047 19842->19844 19843->19841 19845 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19844->19845 19846 7ff6ca24b054 19845->19846 19847 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19846->19847 19848 7ff6ca24b061 19847->19848 19849 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19848->19849 19850 7ff6ca24b06e 19849->19850 19851 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19850->19851 19852 7ff6ca24b07b 19851->19852 19853 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19852->19853 19854 7ff6ca24b088 19853->19854 19855 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19854->19855 19856 7ff6ca24b095 19855->19856 19857 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19856->19857 19858 7ff6ca24b0a5 19857->19858 19859 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19858->19859 19860 7ff6ca24b0b5 19859->19860 19865 7ff6ca24ae94 19860->19865 19879 7ff6ca2502d8 EnterCriticalSection 19865->19879 16395 7ff6ca23cc3c 16416 7ff6ca23ce0c 16395->16416 16398 7ff6ca23cd88 16570 7ff6ca23d12c IsProcessorFeaturePresent 16398->16570 16399 7ff6ca23cc58 __scrt_acquire_startup_lock 16401 7ff6ca23cd92 16399->16401 16406 7ff6ca23cc76 __scrt_release_startup_lock 16399->16406 16402 7ff6ca23d12c 7 API calls 16401->16402 16404 7ff6ca23cd9d _CreateFrameInfo 16402->16404 16403 7ff6ca23cc9b 16405 7ff6ca23cd21 16422 7ff6ca23d274 16405->16422 16406->16403 16406->16405 16559 7ff6ca249b2c 16406->16559 16408 7ff6ca23cd26 16425 7ff6ca231000 16408->16425 16413 7ff6ca23cd49 16413->16404 16566 7ff6ca23cf90 16413->16566 16417 7ff6ca23ce14 16416->16417 16418 7ff6ca23ce20 __scrt_dllmain_crt_thread_attach 16417->16418 16419 7ff6ca23ce2d 16418->16419 16421 7ff6ca23cc50 16418->16421 16419->16421 16577 7ff6ca23d888 16419->16577 16421->16398 16421->16399 16423 
7ff6ca25a4d0 memcpy_s 16422->16423 16424 7ff6ca23d28b GetStartupInfoW 16423->16424 16424->16408 16426 7ff6ca231009 16425->16426 16604 7ff6ca245484 16426->16604 16428 7ff6ca2337fb 16611 7ff6ca2336b0 16428->16611 16433 7ff6ca23c550 _log10_special 8 API calls 16436 7ff6ca233ca7 16433->16436 16434 7ff6ca23383c 16771 7ff6ca231c80 16434->16771 16435 7ff6ca23391b 16780 7ff6ca2345c0 16435->16780 16564 7ff6ca23d2b8 GetModuleHandleW 16436->16564 16439 7ff6ca23385b 16683 7ff6ca238830 16439->16683 16442 7ff6ca23396a 16803 7ff6ca232710 16442->16803 16444 7ff6ca23388e 16452 7ff6ca2338bb __std_exception_copy 16444->16452 16775 7ff6ca2389a0 16444->16775 16446 7ff6ca23395d 16447 7ff6ca233984 16446->16447 16448 7ff6ca233962 16446->16448 16450 7ff6ca231c80 49 API calls 16447->16450 16799 7ff6ca24004c 16448->16799 16453 7ff6ca2339a3 16450->16453 16454 7ff6ca238830 14 API calls 16452->16454 16461 7ff6ca2338de __std_exception_copy 16452->16461 16458 7ff6ca231950 115 API calls 16453->16458 16454->16461 16456 7ff6ca233a0b 16457 7ff6ca2389a0 40 API calls 16456->16457 16459 7ff6ca233a17 16457->16459 16460 7ff6ca2339ce 16458->16460 16462 7ff6ca2389a0 40 API calls 16459->16462 16460->16439 16463 7ff6ca2339de 16460->16463 16467 7ff6ca23390e __std_exception_copy 16461->16467 16814 7ff6ca238940 16461->16814 16464 7ff6ca233a23 16462->16464 16465 7ff6ca232710 54 API calls 16463->16465 16466 7ff6ca2389a0 40 API calls 16464->16466 16507 7ff6ca233808 __std_exception_copy 16465->16507 16466->16467 16468 7ff6ca238830 14 API calls 16467->16468 16469 7ff6ca233a3b 16468->16469 16470 7ff6ca233b2f 16469->16470 16471 7ff6ca233a60 __std_exception_copy 16469->16471 16472 7ff6ca232710 54 API calls 16470->16472 16473 7ff6ca238940 40 API calls 16471->16473 16484 7ff6ca233aab 16471->16484 16472->16507 16473->16484 16474 7ff6ca238830 14 API calls 16475 7ff6ca233bf4 __std_exception_copy 16474->16475 16476 7ff6ca233c46 16475->16476 16477 7ff6ca233d41 16475->16477 16478 7ff6ca233c50 16476->16478 16479 7ff6ca233cd4 
16476->16479 16821 7ff6ca2344e0 16477->16821 16696 7ff6ca2390e0 16478->16696 16482 7ff6ca238830 14 API calls 16479->16482 16486 7ff6ca233ce0 16482->16486 16483 7ff6ca233d4f 16487 7ff6ca233d71 16483->16487 16488 7ff6ca233d65 16483->16488 16484->16474 16489 7ff6ca233c61 16486->16489 16492 7ff6ca233ced 16486->16492 16491 7ff6ca231c80 49 API calls 16487->16491 16824 7ff6ca234630 16488->16824 16495 7ff6ca232710 54 API calls 16489->16495 16501 7ff6ca233cc8 __std_exception_copy 16491->16501 16496 7ff6ca231c80 49 API calls 16492->16496 16495->16507 16499 7ff6ca233d0b 16496->16499 16497 7ff6ca233dbc 16746 7ff6ca239390 16497->16746 16499->16501 16502 7ff6ca233d12 16499->16502 16500 7ff6ca233dcf SetDllDirectoryW 16506 7ff6ca233e02 16500->16506 16552 7ff6ca233e52 16500->16552 16501->16497 16503 7ff6ca233da7 LoadLibraryExW 16501->16503 16505 7ff6ca232710 54 API calls 16502->16505 16503->16497 16505->16507 16509 7ff6ca238830 14 API calls 16506->16509 16507->16433 16508 7ff6ca234000 16511 7ff6ca23402d 16508->16511 16512 7ff6ca23400a PostMessageW GetMessageW 16508->16512 16516 7ff6ca233e0e __std_exception_copy 16509->16516 16510 7ff6ca233f13 16751 7ff6ca2333c0 16510->16751 16901 7ff6ca233360 16511->16901 16512->16511 16519 7ff6ca233eea 16516->16519 16523 7ff6ca233e46 16516->16523 16522 7ff6ca238940 40 API calls 16519->16522 16522->16552 16523->16552 16827 7ff6ca236dc0 16523->16827 16552->16508 16552->16510 16560 7ff6ca249b43 16559->16560 16561 7ff6ca249b64 16559->16561 16560->16405 18866 7ff6ca24a3d8 16561->18866 16565 7ff6ca23d2c9 16564->16565 16565->16413 16568 7ff6ca23cfa1 16566->16568 16567 7ff6ca23cd60 16567->16403 16568->16567 16569 7ff6ca23d888 7 API calls 16568->16569 16569->16567 16571 7ff6ca23d152 _isindst memcpy_s 16570->16571 16572 7ff6ca23d171 RtlCaptureContext RtlLookupFunctionEntry 16571->16572 16573 7ff6ca23d1d6 memcpy_s 16572->16573 16574 7ff6ca23d19a RtlVirtualUnwind 16572->16574 16575 7ff6ca23d208 IsDebuggerPresent SetUnhandledExceptionFilter 
UnhandledExceptionFilter 16573->16575 16574->16573 16576 7ff6ca23d256 _isindst 16575->16576 16576->16401 16578 7ff6ca23d89a 16577->16578 16579 7ff6ca23d890 16577->16579 16578->16421 16583 7ff6ca23dc24 16579->16583 16584 7ff6ca23d895 16583->16584 16585 7ff6ca23dc33 16583->16585 16587 7ff6ca23dc90 16584->16587 16591 7ff6ca23de60 16585->16591 16588 7ff6ca23dcbb 16587->16588 16589 7ff6ca23dcbf 16588->16589 16590 7ff6ca23dc9e DeleteCriticalSection 16588->16590 16589->16578 16590->16588 16595 7ff6ca23dcc8 16591->16595 16596 7ff6ca23ddb2 TlsFree 16595->16596 16601 7ff6ca23dd0c __vcrt_InitializeCriticalSectionEx 16595->16601 16597 7ff6ca23dd3a LoadLibraryExW 16598 7ff6ca23ddd9 16597->16598 16599 7ff6ca23dd5b GetLastError 16597->16599 16600 7ff6ca23ddf9 GetProcAddress 16598->16600 16602 7ff6ca23ddf0 FreeLibrary 16598->16602 16599->16601 16600->16596 16601->16596 16601->16597 16601->16600 16603 7ff6ca23dd7d LoadLibraryExW 16601->16603 16602->16600 16603->16598 16603->16601 16607 7ff6ca24f480 16604->16607 16605 7ff6ca24f4d3 16606 7ff6ca24a814 _invalid_parameter_noinfo 37 API calls 16605->16606 16610 7ff6ca24f4fc 16606->16610 16607->16605 16608 7ff6ca24f526 16607->16608 16914 7ff6ca24f358 16608->16914 16610->16428 16922 7ff6ca23c850 16611->16922 16614 7ff6ca2336eb GetLastError 16929 7ff6ca232c50 16614->16929 16615 7ff6ca233710 16924 7ff6ca239280 FindFirstFileExW 16615->16924 16619 7ff6ca23377d 16955 7ff6ca239440 16619->16955 16620 7ff6ca233723 16944 7ff6ca239300 CreateFileW 16620->16944 16622 7ff6ca23c550 _log10_special 8 API calls 16625 7ff6ca2337b5 16622->16625 16624 7ff6ca23378b 16629 7ff6ca233706 16624->16629 16631 7ff6ca232810 49 API calls 16624->16631 16625->16507 16633 7ff6ca231950 16625->16633 16627 7ff6ca23374c __vcrt_InitializeCriticalSectionEx 16627->16619 16628 7ff6ca233734 16947 7ff6ca232810 16628->16947 16629->16622 16631->16629 16634 7ff6ca2345c0 108 API calls 16633->16634 16635 7ff6ca231985 16634->16635 16636 7ff6ca231c43 16635->16636 16638 7ff6ca237f90 83 API 
calls 16635->16638 16637 7ff6ca23c550 _log10_special 8 API calls 16636->16637 16639 7ff6ca231c5e 16637->16639 16640 7ff6ca2319cb 16638->16640 16639->16434 16639->16435 16653 7ff6ca231a03 16640->16653 17319 7ff6ca2406d4 16640->17319 16642 7ff6ca24004c 74 API calls 16642->16636 16643 7ff6ca2319e5 16644 7ff6ca231a08 16643->16644 16645 7ff6ca2319e9 16643->16645 17323 7ff6ca24039c 16644->17323 16646 7ff6ca244f08 memcpy_s 11 API calls 16645->16646 16648 7ff6ca2319ee 16646->16648 17326 7ff6ca232910 16648->17326 16651 7ff6ca231a26 16654 7ff6ca244f08 memcpy_s 11 API calls 16651->16654 16652 7ff6ca231a45 16656 7ff6ca231a5c 16652->16656 16657 7ff6ca231a7b 16652->16657 16653->16642 16655 7ff6ca231a2b 16654->16655 16658 7ff6ca232910 54 API calls 16655->16658 16659 7ff6ca244f08 memcpy_s 11 API calls 16656->16659 16660 7ff6ca231c80 49 API calls 16657->16660 16658->16653 16661 7ff6ca231a61 16659->16661 16662 7ff6ca231a92 16660->16662 16663 7ff6ca232910 54 API calls 16661->16663 16664 7ff6ca231c80 49 API calls 16662->16664 16663->16653 16665 7ff6ca231add 16664->16665 16666 7ff6ca2406d4 73 API calls 16665->16666 16667 7ff6ca231b01 16666->16667 16668 7ff6ca231b16 16667->16668 16669 7ff6ca231b35 16667->16669 16670 7ff6ca244f08 memcpy_s 11 API calls 16668->16670 16671 7ff6ca24039c _fread_nolock 53 API calls 16669->16671 16672 7ff6ca231b1b 16670->16672 16673 7ff6ca231b4a 16671->16673 16674 7ff6ca232910 54 API calls 16672->16674 16675 7ff6ca231b50 16673->16675 16676 7ff6ca231b6f 16673->16676 16674->16653 16677 7ff6ca244f08 memcpy_s 11 API calls 16675->16677 17341 7ff6ca240110 16676->17341 16680 7ff6ca231b55 16677->16680 16681 7ff6ca232910 54 API calls 16680->16681 16681->16653 16682 7ff6ca232710 54 API calls 16682->16653 16684 7ff6ca23883a 16683->16684 16685 7ff6ca239390 2 API calls 16684->16685 16686 7ff6ca238859 GetEnvironmentVariableW 16685->16686 16687 7ff6ca238876 ExpandEnvironmentStringsW 16686->16687 16688 7ff6ca2388c2 16686->16688 16687->16688 16690 7ff6ca238898 16687->16690 
16689 7ff6ca23c550 _log10_special 8 API calls 16688->16689 16691 7ff6ca2388d4 16689->16691 16692 7ff6ca239440 2 API calls 16690->16692 16691->16444 16693 7ff6ca2388aa 16692->16693 16694 7ff6ca23c550 _log10_special 8 API calls 16693->16694 16695 7ff6ca2388ba 16694->16695 16695->16444 16697 7ff6ca2390f5 16696->16697 17559 7ff6ca238570 GetCurrentProcess OpenProcessToken 16697->17559 16700 7ff6ca238570 7 API calls 16701 7ff6ca239121 16700->16701 16702 7ff6ca23913a 16701->16702 16703 7ff6ca239154 16701->16703 16704 7ff6ca2326b0 48 API calls 16702->16704 16705 7ff6ca2326b0 48 API calls 16703->16705 16707 7ff6ca239152 16704->16707 16706 7ff6ca239167 LocalFree LocalFree 16705->16706 16708 7ff6ca239183 16706->16708 16710 7ff6ca23918f 16706->16710 16707->16706 17569 7ff6ca232b50 16708->17569 16711 7ff6ca23c550 _log10_special 8 API calls 16710->16711 16712 7ff6ca233c55 16711->16712 16712->16489 16713 7ff6ca238660 16712->16713 16714 7ff6ca238678 16713->16714 16715 7ff6ca23869c 16714->16715 16716 7ff6ca2386fa GetTempPathW GetCurrentProcessId 16714->16716 16718 7ff6ca238830 14 API calls 16715->16718 17578 7ff6ca2325c0 16716->17578 16719 7ff6ca2386a8 16718->16719 17585 7ff6ca2381d0 16719->17585 16725 7ff6ca238728 __std_exception_copy 16733 7ff6ca238765 __std_exception_copy 16725->16733 17582 7ff6ca248b68 16725->17582 16747 7ff6ca2393b2 MultiByteToWideChar 16746->16747 16749 7ff6ca2393d6 16746->16749 16747->16749 16750 7ff6ca2393ec __std_exception_copy 16747->16750 16748 7ff6ca2393f3 MultiByteToWideChar 16748->16750 16749->16748 16749->16750 16750->16500 16762 7ff6ca2333ce memcpy_s 16751->16762 16752 7ff6ca23c550 _log10_special 8 API calls 16754 7ff6ca233664 16752->16754 16753 7ff6ca2335c7 16753->16752 16754->16507 16770 7ff6ca2390c0 LocalFree 16754->16770 16756 7ff6ca231c80 49 API calls 16756->16762 16757 7ff6ca2335e2 16759 7ff6ca232710 54 API calls 16757->16759 16759->16753 16761 7ff6ca2335c9 16765 7ff6ca232710 54 API calls 16761->16765 16762->16753 16762->16756 16762->16757 
16762->16761 16764 7ff6ca232a50 54 API calls 16762->16764 16768 7ff6ca2335d0 16762->16768 17774 7ff6ca234560 16762->17774 17780 7ff6ca237e20 16762->17780 17791 7ff6ca231600 16762->17791 17839 7ff6ca237120 16762->17839 17843 7ff6ca234190 16762->17843 17887 7ff6ca234450 16762->17887 16764->16762 16765->16753 16769 7ff6ca232710 54 API calls 16768->16769 16769->16753 16772 7ff6ca231ca5 16771->16772 16773 7ff6ca244984 49 API calls 16772->16773 16774 7ff6ca231cc8 16773->16774 16774->16439 16776 7ff6ca239390 2 API calls 16775->16776 16777 7ff6ca2389b4 16776->16777 16778 7ff6ca248238 38 API calls 16777->16778 16779 7ff6ca2389c6 __std_exception_copy 16778->16779 16779->16452 16781 7ff6ca2345cc 16780->16781 16782 7ff6ca239390 2 API calls 16781->16782 16783 7ff6ca2345f4 16782->16783 16784 7ff6ca239390 2 API calls 16783->16784 16785 7ff6ca234607 16784->16785 18054 7ff6ca245f94 16785->18054 16788 7ff6ca23c550 _log10_special 8 API calls 16789 7ff6ca23392b 16788->16789 16789->16442 16790 7ff6ca237f90 16789->16790 16791 7ff6ca237fb4 16790->16791 16792 7ff6ca2406d4 73 API calls 16791->16792 16797 7ff6ca23808b __std_exception_copy 16791->16797 16793 7ff6ca237fd0 16792->16793 16793->16797 18445 7ff6ca2478c8 16793->18445 16795 7ff6ca2406d4 73 API calls 16798 7ff6ca237fe5 16795->16798 16796 7ff6ca24039c _fread_nolock 53 API calls 16796->16798 16797->16446 16798->16795 16798->16796 16798->16797 16800 7ff6ca24007c 16799->16800 18460 7ff6ca23fe28 16800->18460 16802 7ff6ca240095 16802->16442 16804 7ff6ca23c850 16803->16804 16805 7ff6ca232734 GetCurrentProcessId 16804->16805 16806 7ff6ca231c80 49 API calls 16805->16806 16807 7ff6ca232787 16806->16807 16808 7ff6ca244984 49 API calls 16807->16808 16809 7ff6ca2327cf 16808->16809 16810 7ff6ca232620 12 API calls 16809->16810 16811 7ff6ca2327f1 16810->16811 16812 7ff6ca23c550 _log10_special 8 API calls 16811->16812 16813 7ff6ca232801 16812->16813 16813->16507 16815 7ff6ca239390 2 API calls 16814->16815 16816 7ff6ca23895c 16815->16816 16817 
7ff6ca239390 2 API calls 16816->16817 16818 7ff6ca23896c 16817->16818 16819 7ff6ca248238 38 API calls 16818->16819 16820 7ff6ca23897a __std_exception_copy 16819->16820 16820->16456 16822 7ff6ca231c80 49 API calls 16821->16822 16823 7ff6ca2344fd 16822->16823 16823->16483 16825 7ff6ca231c80 49 API calls 16824->16825 16826 7ff6ca234660 16825->16826 16826->16501 16828 7ff6ca236dd5 16827->16828 16829 7ff6ca233e64 16828->16829 16830 7ff6ca244f08 memcpy_s 11 API calls 16828->16830 16833 7ff6ca237340 16829->16833 16831 7ff6ca236de2 16830->16831 16832 7ff6ca232910 54 API calls 16831->16832 16832->16829 18471 7ff6ca231470 16833->18471 18577 7ff6ca236360 16901->18577 16921 7ff6ca24546c EnterCriticalSection 16914->16921 16923 7ff6ca2336bc GetModuleFileNameW 16922->16923 16923->16614 16923->16615 16925 7ff6ca2392d2 16924->16925 16926 7ff6ca2392bf FindClose 16924->16926 16927 7ff6ca23c550 _log10_special 8 API calls 16925->16927 16926->16925 16928 7ff6ca23371a 16927->16928 16928->16619 16928->16620 16930 7ff6ca23c850 16929->16930 16931 7ff6ca232c70 GetCurrentProcessId 16930->16931 16960 7ff6ca2326b0 16931->16960 16933 7ff6ca232cb9 16964 7ff6ca244bd8 16933->16964 16936 7ff6ca2326b0 48 API calls 16937 7ff6ca232d34 FormatMessageW 16936->16937 16939 7ff6ca232d6d 16937->16939 16940 7ff6ca232d7f MessageBoxW 16937->16940 16941 7ff6ca2326b0 48 API calls 16939->16941 16942 7ff6ca23c550 _log10_special 8 API calls 16940->16942 16941->16940 16943 7ff6ca232daf 16942->16943 16943->16629 16945 7ff6ca233730 16944->16945 16946 7ff6ca239340 GetFinalPathNameByHandleW CloseHandle 16944->16946 16945->16627 16945->16628 16946->16945 16948 7ff6ca232834 16947->16948 16949 7ff6ca2326b0 48 API calls 16948->16949 16950 7ff6ca232887 16949->16950 16951 7ff6ca244bd8 48 API calls 16950->16951 16952 7ff6ca2328d0 MessageBoxW 16951->16952 16953 7ff6ca23c550 _log10_special 8 API calls 16952->16953 16954 7ff6ca232900 16953->16954 16954->16629 16956 7ff6ca23946a WideCharToMultiByte 16955->16956 16957 7ff6ca239495 
16955->16957 16956->16957 16959 7ff6ca2394ab __std_exception_copy 16956->16959 16958 7ff6ca2394b2 WideCharToMultiByte 16957->16958 16957->16959 16958->16959 16959->16624 16961 7ff6ca2326d5 16960->16961 16962 7ff6ca244bd8 48 API calls 16961->16962 16963 7ff6ca2326f8 16962->16963 16963->16933 16967 7ff6ca244c32 16964->16967 16965 7ff6ca244c57 16966 7ff6ca24a814 _invalid_parameter_noinfo 37 API calls 16965->16966 16970 7ff6ca244c81 16966->16970 16967->16965 16968 7ff6ca244c93 16967->16968 16982 7ff6ca242f90 16968->16982 16972 7ff6ca23c550 _log10_special 8 API calls 16970->16972 16971 7ff6ca244d74 16973 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16971->16973 16974 7ff6ca232d04 16972->16974 16973->16970 16974->16936 16976 7ff6ca244d49 16979 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16976->16979 16977 7ff6ca244d9a 16977->16971 16978 7ff6ca244da4 16977->16978 16981 7ff6ca24a948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16978->16981 16979->16970 16980 7ff6ca244d40 16980->16971 16980->16976 16981->16970 16983 7ff6ca242fce 16982->16983 16984 7ff6ca242fbe 16982->16984 16985 7ff6ca242fd7 16983->16985 16990 7ff6ca243005 16983->16990 16986 7ff6ca24a814 _invalid_parameter_noinfo 37 API calls 16984->16986 16987 7ff6ca24a814 _invalid_parameter_noinfo 37 API calls 16985->16987 16988 7ff6ca242ffd 16986->16988 16987->16988 16988->16971 16988->16976 16988->16977 16988->16980 16990->16984 16990->16988 16993 7ff6ca2439a4 16990->16993 17026 7ff6ca2433f0 16990->17026 17063 7ff6ca242b80 16990->17063 16994 7ff6ca243a57 16993->16994 16995 7ff6ca2439e6 16993->16995 16998 7ff6ca243a5c 16994->16998 16999 7ff6ca243ab0 16994->16999 16996 7ff6ca2439ec 16995->16996 16997 7ff6ca243a81 16995->16997 17000 7ff6ca2439f1 16996->17000 17001 7ff6ca243a20 16996->17001 17086 7ff6ca241d54 16997->17086 17002 7ff6ca243a91 16998->17002 17003 7ff6ca243a5e 16998->17003 17004 7ff6ca243ac7 16999->17004 17005 7ff6ca243aba 16999->17005 
16376->16378 16377->16352 16380 7ff6ca2555f8 16377->16380 16379 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 16378->16379 16379->16377 16381 7ff6ca24faa3 16380->16381 16382 7ff6ca255601 16380->16382 16381->16352 16381->16359 16383 7ff6ca244f08 memcpy_s 11 API calls 16382->16383 16384 7ff6ca255606 16383->16384 16385 7ff6ca24a8e0 _invalid_parameter_noinfo 37 API calls 16384->16385 16385->16381 16394 7ff6ca2502d8 EnterCriticalSection 16386->16394 19959 7ff6ca245410 19960 7ff6ca24541b 19959->19960 19968 7ff6ca24f2a4 19960->19968 19981 7ff6ca2502d8 EnterCriticalSection 19968->19981 19982 7ff6ca25adfe 19983 7ff6ca25ae0d 19982->19983 19984 7ff6ca25ae17 19982->19984 19986 7ff6ca250338 LeaveCriticalSection 19983->19986

Control-flow Graph (image not reproduced; legend: Executed / Not Executed; first node 0: 7ff6ca2389e0-7ff6ca238b26)
Memory Dump Source
• Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: 351347a63b16b4da60142908b073415c3fa3460da0372bedec09b47e66d12688
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 5CD1C232A09AA286EB108F34F9642BD3764FF85B59F484275DACD97A98EF3CD144D700

Control-flow Graph (image not reproduced; legend: Executed / Not Executed; first node 62: 7ff6ca231000-7ff6ca233806)
Memory Dump Source
• Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 3371d9c394c7429e89e2a15970968262caefbe1a16c088c735d4855cb058f789
• Instruction ID: 26f0a8af55233ae32664367f59453ee5d92876ca20b597313ea8dfb8b0c7b71a
• Opcode Fuzzy Hash: 3371d9c394c7429e89e2a15970968262caefbe1a16c088c735d4855cb058f789
• Instruction Fuzzy Hash: EB327221A0E6A291FA15DF21B7743B92259BF46742F4C40B2DACDC76D6EF2CE654E300

Control-flow Graph (image not reproduced; legend: Executed / Not Executed; first node 479: 7ff6ca255c00-7ff6ca255c3b)
APIs
• _get_daylight.LIBCMT ref: 00007FF6CA255C45
  • Part of subcall function 00007FF6CA255598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA2555AC
  • Part of subcall function 00007FF6CA24A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A95E
  • Part of subcall function 00007FF6CA24A948: GetLastError.KERNEL32(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A968
  • Part of subcall function 00007FF6CA24A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6CA24A8DF,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24A909
  • Part of subcall function 00007FF6CA24A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6CA24A8DF,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24A92E
• _get_daylight.LIBCMT ref: 00007FF6CA255C34
  • Part of subcall function 00007FF6CA2555F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA25560C
• _get_daylight.LIBCMT ref: 00007FF6CA255EAA
• _get_daylight.LIBCMT ref: 00007FF6CA255EBB
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6CA255ECC
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6CA25610C), ref: 00007FF6CA255EF3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                              • API String ID: 4070488512-239921721

                                                                                                                                                                                                              Control-flow Graph (first block at 7ff6ca256964; graph not reproduced)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1617910340-0

                                                                                                                                                                                                              Control-flow Graph (first block at 7ff6ca255e7c; graph not reproduced)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6CA255EAA
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA2555F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA25560C
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6CA255EBB
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA255598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA2555AC
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6CA255ECC
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA2555C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA2555DC
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA24A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A95E
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA24A948: GetLastError.KERNEL32(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A968
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6CA25610C), ref: 00007FF6CA255EF3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                              • API String ID: 3458911817-239921721
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1010374628-0

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA237F90: _fread_nolock.LIBCMT ref: 00007FF6CA23803A
                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF6CA231A1B
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6CA231B6A), ref: 00007FF6CA23295E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                              • API String ID: 2397952137-3497178890

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-1550345328

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(?,?,00000000,00007FF6CA233CBB), ref: 00007FF6CA238704
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6CA233CBB), ref: 00007FF6CA23870A
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6CA233CBB), ref: 00007FF6CA23874C
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238830: GetEnvironmentVariableW.KERNEL32(00007FF6CA23388E), ref: 00007FF6CA238867
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6CA238889
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA248238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA248251
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232810: MessageBoxW.USER32 ref: 00007FF6CA2328EA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                              • API String ID: 3563477958-1339014028

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                              • Opcode ID: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
                                                                                                                                                                                                              • Instruction ID: 9a4e411fe32e494504d98980bfca37ddb701cd78757532cc847bffe63eb990fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F510B62A0966245EA209F11F6603BA6294FF86796F4C41B1EECDC77C9EF3CE541E700

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF6CA233804), ref: 00007FF6CA2336E1
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA233804), ref: 00007FF6CA2336EB
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232C9E
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232D63
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: MessageBoxW.USER32 ref: 00007FF6CA232D99
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                              • API String ID: 3187769757-2863816727
                                                                                                                                                                                                              • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                              • Instruction ID: 84fa57ecefff04312eb0a7ab2ca787131104ccf6d8c9946146f6fe2ff3df5201
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7021A651F1D66251FA209F20FA303B62258BF95396F4841B2D6DDC36D9FE2CE605E300

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                              • Instruction ID: fdd2512799341e6d04bbe64c2ab1ade80e5a9771f79090b1ca5e52c2ed1d4b11
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3C1E722A0CAA692E7619F15B6602BD3750FF81B82F5D41B1FACE87791CF7CE445A700

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 995526605-0
                                                                                                                                                                                                              • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                              • Instruction ID: 0b809a101d2584122eba37322f927598cc058743932bd01631c0320a2693ef9a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E221B631A0D65242EB108F15F66423AA3A4FFC17A1F584275EAEC87BE8DFBCD4459B00

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: GetCurrentProcess.KERNEL32 ref: 00007FF6CA238590
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: OpenProcessToken.ADVAPI32 ref: 00007FF6CA2385A3
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: GetTokenInformation.KERNELBASE ref: 00007FF6CA2385C8
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: GetLastError.KERNEL32 ref: 00007FF6CA2385D2
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: GetTokenInformation.KERNELBASE ref: 00007FF6CA238612
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6CA23862E
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA238570: CloseHandle.KERNEL32 ref: 00007FF6CA238646
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF6CA233C55), ref: 00007FF6CA23916C
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF6CA233C55), ref: 00007FF6CA239175
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                              • API String ID: 6828938-1529539262
                                                                                                                                                                                                              • Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                              • Instruction ID: 8773cbcedcf6dd03f0a1c5d1af50597d534ca067c3a6777d555c416463747821
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90217131A0975281F610AF60F6352EA7269FF86782F484071EACDD3796DF3CD844A780

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6CA23352C,?,00000000,00007FF6CA233F1B), ref: 00007FF6CA237F32
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectory
                                                                                                                                                                                                              • String ID: %.*s$%s%c$\
                                                                                                                                                                                                              • API String ID: 4241100979-1685191245
                                                                                                                                                                                                              • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                              • Instruction ID: f51d1e38329b71218790127fb711225a7e078c421d13dcd52eec953800529d61
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B831D42161AAD145EA21CF21F5203AA6358FF85BE2F480270EEED87BC9DF2CD6459700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6CA24CF4B), ref: 00007FF6CA24D07C
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6CA24CF4B), ref: 00007FF6CA24D107
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                              • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                              • Instruction ID: 151568e21c66289f7eac728af4a6ad24101ab51b1152c049523550f7eae2b4df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7591E732F1867189F760CF65A6602BD2BA0FB44B89F584179DE8E97A85DF3CD442E700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                                                              • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                              • Instruction ID: ed6cfe878f6d8e1a95c04da9d5b2a6bd0ea1ebb3f277efd689c2c4ba7446a739
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51513A72F0462186FB24CF64AA716BC37A2BF8975AF180275DD5E92AD4DF3CA402D700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                                                              • Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                                                                              • Instruction ID: c0c96b8d5b736c88ebbd31c8f748d435562d8e9b4b30efa1b832315a5856fe71
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F516D32E086518AFB10CF71E6603BD37A1BB48B59F188575EE8D9B689DF3CD8819740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                              • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                              • Instruction ID: af1b4bd1b566cf0c0d9df7365ec7bff3cfa83b811bd3e2e9c54f30cf5de2faca
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1419222E1879183F7508F61A6203797260FF947A5F149375E6DC83AD5EF7CA9E09700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3251591375-0
                                                                                                                                                                                                              • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                              • Instruction ID: 28a17a4c146bc2334d3ee45027a04c4cc34d18c4a4e47dd673fdb2dafa612388
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0314F25E8A12745FA24AF64B7313B92295AF42346F4C44B5E9CDC72D7DE2DE809B300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                              • Instruction ID: 659c8b86347cdc3499b528a364e5f7d7f79b05c4f2d86f8b06cf827fbb2b675d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1512921B0D66186F7289E65B62067EAA91BF84BA5F0C4774DDED837C5CF3CE580A700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                              • Instruction ID: af4fabed0ccbd3245b990db4e219b222779c53e289fe496fd161094244c3f699
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21110162708AA181DA208F29FA24069B361FB41FF1F584371EEBD8B7E9CE3CD4009700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6CA245839), ref: 00007FF6CA245957
                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6CA245839), ref: 00007FF6CA24596D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                              • Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                                              • Instruction ID: a7efb3d3b37e01aaeb373c33e561bddfe4a419975b03a8748ba50d3c93f74c9c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E811913260C66292EB548F14B62103AB760FB85772F580276F6DEC19D8EF6CD814EB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A95E
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A968
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                              • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                              • Instruction ID: 57943c2cbac4d14b331f871705f70392364ebc99957a1c2ec9616f4f98e209fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33E0CD10F1961743FF045FF1B67517912506F84703F4D40B4C99DD2291ED2C6C81A710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,?,00007FF6CA24A9D5,?,?,00000000,00007FF6CA24AA8A), ref: 00007FF6CA24ABC6
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6CA24A9D5,?,?,00000000,00007FF6CA24AA8A), ref: 00007FF6CA24ABD0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                              • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                              • Instruction ID: 1e942f415eace05ec60e0c5a0507a9faa5e2d96939a15cf73cae40f22fea7485
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3821F620F1C6A601FA955F51B67437916839F94792F4C42B8D9AED77C6CE6CA4406300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                              • Instruction ID: e2b5bee9b36911e2e54c056e3bbd0f772854b0e885eafaa2f4d3c8b66ebb7547
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D41C432A1865587EA348F29B66027D73A0EB55B82F180171FBCEC36D1CF6CE402EB51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                              • Instruction ID: 678177b73f928caad9a9136b66de913ea7bea406a425b72830b257e8ff041009
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BE08C50E2CA6687FA117FA427A617910608FA5342F8905B0E988D62C3DD2C7C447B21
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF6CA24B32A,?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A), ref: 00007FF6CA24EBED
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                              • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                              • Instruction ID: 7756c86ee9a7316252c0d49692c7eb656410e56a73e233e7ffb5921c4ae05638
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DF06D54B0962781FE585EA5BA752F812A66F88B82F4C95B0CD8FC63C1ED1CE481A210
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF6CA240C90,?,?,?,00007FF6CA2422FA,?,?,?,?,?,00007FF6CA243AE9), ref: 00007FF6CA24D63A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                              • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                              • Instruction ID: ac7a4f90ffa28351082c1698c3c23ae594dbac09f11fb10285c021a71f71c4b4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00F05810F0822781FE642FB17A3127812905F887A2F0C07B0DDAEC62C6EE2CB480B610
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA235840
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA235852
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA235889
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23589B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2358B4
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2358C6
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2358DF
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2358F1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23590D
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23591F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23593B
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23594D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA235969
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA23597B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA235997
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2359A9
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2359C5
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA2364CF,?,00007FF6CA23336E), ref: 00007FF6CA2359D7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                              • API String ID: 199729137-653951865
                                                                                                                                                                                                              • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                              • Instruction ID: 62ecb2db6e049866b788886c90486b185c754ac6bcb30502d2a8834223158f27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE22C360A0AB2785FA499F51BA345B433A5BF05747F8C54B6C4DEC2668FF7CA188B300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                                                              • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                              • Instruction ID: 4073ec7a26ea3360d37180549239f8c251783691600baa7df70b976014b7c2a1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1B21972E182A24BE7248E64E6607FC77A2FB54349F485175DA4D97A8CDF3CE900EB40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA23842B
                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA2384AE
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA2384CD
                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA2384DB
                                                                                                                                                                                                              • FindClose.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA2384EC
                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF6CA238919,00007FF6CA233F9D), ref: 00007FF6CA2384F5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                              • String ID: %s\*
                                                                                                                                                                                                              • API String ID: 1057558799-766152087
                                                                                                                                                                                                              • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                              • Instruction ID: 0a93a2b103cc318cfdf13fc858947ab40d03d2ff32e129c0d2314e2715520697
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8241B221A0E96291EE609F20F6681BA7364FB95752F480272DADDC7AC8FF3CD549D700
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                                                                              • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                                              • Instruction ID: ab549d5d0c316faea37129f22418969f045c81d0b9ba496846cfdd47a2f829ff
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB52F272A196B94BD7A48F14E668B7D3BADEB45341F098179E6CA83780DF3DD800DB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                              • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                              • Instruction ID: af190c02b418f9eb6f044e7321e637b15eb7dacbf87f4210d0bd58f01755548c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98316176609B9186EB608F60F8503ED3364FB85705F48443ADA8D87B98EF3CC548D710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                              • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                              • Instruction ID: 101f4bedeb88f7580d28394fd72c3006bc9df18ea247f6512d4e497b318d5bb8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF31A036618B9586EB20CF24F8502AE33A4FB88759F580135EACD83B98EF3CC545DB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                              • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                              • Instruction ID: c76f87c8f123a12adb0e3ff61bc5c170f1a2860d816c9098a7820d062331aecc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CB1D522B186A241EA65AF21B7201B97391FF45BE6F484171EADD87BC9EE3CE441D300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                              • Instruction ID: 8473f87b5dfb47f9f3fa87edf6a5853b0b4beebe77927842317d550e5a39ba99
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1114C22B15B15CAEB008F70E9642B933A4FB19759F080E31DAADC6BA8EF3CD1548340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1502251526-0
                                                                                                                                                                                                              • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                              • Instruction ID: ef9b2ae024cfcc64c1a457fe2ee0ea256e98fc0e7e7534a9ba90f31354f3953d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59C13872B1829A87D724CF15F16466AB7A1F794B85F589134DB8E83B48DF3DE800DB40
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                              • API String ID: 0-1127688429
                                                                                                                                                                                                              • Opcode ID: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                                                                              • Instruction ID: fbeb4ce20c600227abc314e8e28e989cadcb5eaae7659344a75c82440078d0b9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBF1D472A0A3E94BE7A58F05D1A8A3E3AADEF46741F094178DAC987390CF7DD441E740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                              • Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                              • Instruction ID: 3c9fb4efdcbcff90d6430253f4ba6c56a609b88f7790697a825e9efbf1cd11cc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46B17D73A04B998BEB19CF29D95636C3BA0F744B48F188961DA9D837A8CF3DD451E700
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                              • Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                                              • Instruction ID: f2ba08514ce719f68ab70e5d1b33b2bbbf4abbb3f4c666d6f0682d63d8c8d156
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AE1B532A0866686EB68CF25E26013D33A0FF45B4AF1C4975DA8E87794DF2DE851E740
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                              • API String ID: 0-900081337
                                                                                                                                                                                                              • Opcode ID: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                                                                              • Instruction ID: 17d7ae4530a58aaa33e411ad93964f06e37776e0d8677c2cd40ed04900b29714
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D91B972A092D987E7A48E14E668B3E3AADFB46351F054179DACA87780CF3DE540DB00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                              • Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                                              • Instruction ID: 1f347191d26aab54b7d2e2d73bc38b1b7538c0c97c43d90861b6374d81e2feba
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD517822B182E586E7358E35AA207A97B91F744B95F4CD272CBEC87AC5CF3DE0009700
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                              • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                              • Instruction ID: ae7664f8074d6d8151a60491b71dee580f35925ed9c07c0b406008aa5b200d27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BA14663A0C7EA86EB21CF25F5207AA7B91EB51B84F088172DE8D87785DE3DD501D701
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                              • Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                              • Instruction ID: 611978c3ee0da304c4f1b3c9244b658e0830d74f71ffe3785d3be7b4b49b9671
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F51D411F2866641FA64AF267B3917A5290EF44BD6F4C40B4DE8ED77D6EE3CE4426300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                              • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                              • Instruction ID: 2f55091fbc7f38b9a36148f06795d90fa7daa2873160e1493d3277717d38d8d8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1AB09220E07A16C2EA082F21BD9222822A47F48702F9C01B8C19CC0334EE2C29E56710
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                              • Instruction ID: 380d002c1ebd625f3ba988ceca95c8a4d8d696705bece4c9d59c65959b125747
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4061CB22E1C57246F7748E68B670ABD7581BF40761F5C42B9D69DC36CDDE6DE800A700
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                              • Instruction ID: d1c3c0e777f290de61de3504f1f6627795c556a8b0dbdce7ca723cc0394c38f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00518236A1866182E7248F2AE56423837A1EB54B59F2C4171CECD87795CF3EE843E740
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                              • Instruction ID: 3bd2d27d25a49b0a1e1eafc2f870d476f43e83157ef38ce52b5787b8634e99f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A518436A1867186E7288F29E26023837A1EB44B59F284171CECD97794DF3EE843E740
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                              • Instruction ID: 4bb076023e9c44eeb84bb398df6be75be41b29db55ffbf96837a99aca8c2da69
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61518276A18A61C2E7248F29E16033837A0EB55B69F284171CECD97794CF3EE853E740
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                              • Instruction ID: 8b53d9bc837e2deb35445549700ef8dbcdf4824c064c1f00813fca8d593c5183
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B51A476B18A6182E7248F29E56033837A1EB44F59F284171CE8C97794DF3EE883E740
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                              • Instruction ID: 79be65910aa117c30825fb293f880885696d0ff627446bacadb8bad76c4747f5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4451C336B1866181E7248F2AE16023837A0EB54B59F295171CE8D977A5DF3EE843E740
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                              • Instruction ID: 3a1124613127dfad47af6b3aee3dfc78c52b3307d4d43168cd5534a59276efc5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8518136B1866186E7248F29E26023877A1EB45B59F2C4171CE8D97795CF3EE842F780
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                              • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                              • Instruction ID: d7e109056cfd11d4a061f0d654fc61f4cfb802c591b6edea1fd0e40adbb7b5a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66410972718A6582EF04CF6AEA2416973A1FB48FD0B4DA436EE4DD7B58DE3DD4429300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                              • API String ID: 199729137-3427451314
                                                                                                                                                                                                              • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                              • Instruction ID: 025f9e579ed79124a028d87bbf2114955a5b83e6731c93ef696e1880216bf0aa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C602B320A0AB2791EA14DF55BA3467533A5BF05747F8C40B5D8EEC2668FF3CB589A201
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6CA2345F4,00000000,00007FF6CA231985), ref: 00007FF6CA2393C9
                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6CA2386B7,?,?,00000000,00007FF6CA233CBB), ref: 00007FF6CA23822C
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232810: MessageBoxW.USER32 ref: 00007FF6CA2328EA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                              • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
Memory Dump Source
• Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
Similarity
• API ID: MoveWindow$ObjectSelect$DrawReleaseText
• String ID: P%
Similarity
• API ID: LongWindow$BlockCreateErrorLastReasonShutdown
• String ID: Needs to remove its temporary files.
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: -$:$f$p$p
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: f$f$p$p$f
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
Memory Dump Source
• Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6CA24F0AA,?,?,000001F8625E86A8,00007FF6CA24AD53,?,?,?,00007FF6CA24AC4A,?,?,?,00007FF6CA245F3E), ref: 00007FF6CA24EE8C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6CA24F0AA,?,?,000001F8625E86A8,00007FF6CA24AD53,?,?,?,00007FF6CA24AC4A,?,?,?,00007FF6CA245F3E), ref: 00007FF6CA24EE98
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232C9E
                                                                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232D63
                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6CA232D99
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                              • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                              • API String ID: 3940978338-251083826
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CA23DF7A,?,?,?,00007FF6CA23DC6C,?,?,?,00007FF6CA23D869), ref: 00007FF6CA23DD4D
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6CA23DF7A,?,?,?,00007FF6CA23DC6C,?,?,?,00007FF6CA23D869), ref: 00007FF6CA23DD5B
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CA23DF7A,?,?,?,00007FF6CA23DC6C,?,?,?,00007FF6CA23D869), ref: 00007FF6CA23DD85
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6CA23DF7A,?,?,?,00007FF6CA23DC6C,?,?,?,00007FF6CA23D869), ref: 00007FF6CA23DDF3
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6CA23DF7A,?,?,?,00007FF6CA23DC6C,?,?,?,00007FF6CA23D869), ref: 00007FF6CA23DDFF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6CA23351A,?,00000000,00007FF6CA233F1B), ref: 00007FF6CA232AA0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                              • API String ID: 2050909247-2900015858
                                                                                                                                                                                                              • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                              • Instruction ID: 34a00c5474bcd0559cc9714b767b3e262d5b58dbc774deff16f38a970dcaa8d9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE21A132A19B9182E720DF51B9517E67398FB88785F440172EECC93659EF3CD2459740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                              • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                              • Instruction ID: c9c358dfc36fbfbb5ae55258288ee9edc83e3b864556f32e7ef58f944f37692b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC214F20A0D26241FA655F21777513D62525F84BB2F0C46B4E9BEC6BCADD2CA801B300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                              • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                              • Instruction ID: 9fb212c0fb97ed648dcaf2793eee6a6ea76e391c78b94ba80988d5b4ee35d7c7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5119321B18B5186E7508F12F96433973A0FB88BE5F184274EA9DC7798EF3CD8148740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA238EFD
                                                                                                                                                                                                              • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA238F5A
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6CA2345F4,00000000,00007FF6CA231985), ref: 00007FF6CA2393C9
                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA238FE5
                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA239044
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA239055
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6CA233FA9), ref: 00007FF6CA23906A
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3462794448-0
                                                                                                                                                                                                              • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                              • Instruction ID: d61dddf2a4a0525dbf1f20652c4dd3fb39c48bc858b9138dbe79fadc67d9b15b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F541C862A1A69181EA309F51B6202BA7398FB86BC2F484175DFCD97B89DE3CD504E700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B2D7
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B30D
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B33A
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B34B
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B35C
                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF6CA244F11,?,?,?,?,00007FF6CA24A48A,?,?,?,?,00007FF6CA24718F), ref: 00007FF6CA24B377
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                              • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                              • Instruction ID: bc99608c4d34a3ef0d05c14ca90c5e8b8bd251ac51f7895e203de16af588cfc8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0115120A0D67282F6655F22777113D25529F84BB2F0C47B4E9AEC7BDADE2CA8016700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6CA231B6A), ref: 00007FF6CA23295E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                              • API String ID: 2050909247-2962405886
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6CA23918F,?,00007FF6CA233C55), ref: 00007FF6CA232BA0
                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6CA232C2A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentMessageProcess
                                                                                                                                                                                                              • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                              • API String ID: 1672936522-3797743490
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6CA231B99), ref: 00007FF6CA232760
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                              • API String ID: 2050909247-1591803126
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF6CA24A5A3,?,?,00000000,00007FF6CA24A83E,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24B3AF
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA24A5A3,?,?,00000000,00007FF6CA24A83E,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24B3CE
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA24A5A3,?,?,00000000,00007FF6CA24A83E,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24B3F6
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA24A5A3,?,?,00000000,00007FF6CA24A83E,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24B407
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6CA24A5A3,?,?,00000000,00007FF6CA24A83E,?,?,?,?,?,00007FF6CA24A7CA), ref: 00007FF6CA24B418
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                              • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                              • Instruction ID: 1b19ea97371048503ec7d28abda8374317b731fd750783cfe97686e33e3b8b7f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8117220F0D62241FA699F25777117915515F84BB2F4C53B4E8BEC6BCADD2CA8426200
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                              • Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                                              • Instruction ID: 20ca45559286075f3728e50ee596164747b734661565e26ab829c5afbc7cba92
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD110320E0D22741FA69AF717B3117E11524F85B32F0C57B4E9BECA6C6DD2CB8417201
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: verbose
                                                                                                                                                                                                              • API String ID: 3215553584-579935070
                                                                                                                                                                                                              • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                              • Instruction ID: b7a50a776722145a6e9d53419ba7a51efd0a8caaace0df43207277360c842e29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA91E332A08A6681F7658E24E670BBD7791AB40B96F4C4172DADDC73D5DF3CE805A300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                              • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                                              • Instruction ID: aba44d03a11e9c15162b1779f285a358871dd12a5be31dee4738f10a245a33dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E81B272E0C662C5F7769E29E33027826A0AB91F46F5D40B5CA89D7289CF2DE901F701
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2395640692-1018135373
                                                                                                                                                                                                              • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                                              • Instruction ID: bb26b17918e9504716ff72c01dcd15ef4f41bf40642ac9bea5bb8052cd1ed1c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA51B23AB1A6228ADB14CF15F2646383399FB45B99F184570DACD87748DF7CE841D700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                              • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                                              • Instruction ID: dd5b9a381066348dda50f1275adb2af47e73c0f74e559a4ca462ac260073e7ea
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A251933290939286DB748E21B26426937A8FB56B86F1881B5DFCD8BB95CF3CE450D701
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                              • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                              • API String ID: 2030045667-255084403
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA249046
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA24A948: RtlFreeHeap.NTDLL(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A95E
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA24A948: GetLastError.KERNEL32(?,?,?,00007FF6CA252D22,?,?,?,00007FF6CA252D5F,?,?,00000000,00007FF6CA253225,?,?,?,00007FF6CA253157), ref: 00007FF6CA24A968
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6CA23CBA5), ref: 00007FF6CA249064
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\lcc222.exe
                                                                                                                                                                                                              • API String ID: 3580290477-4246969382
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                              • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                              • Instruction ID: 131b2c576ab7b6806a12430df4b30652d4316db0d1ed563056d0418112db7dae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB21F262A086A181FB219F11E16427D73B1FBC8F45F8A8079DADD83684DF7CE9449B40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                              • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                              • Instruction ID: dc5f1d3522bfb406838f4bc41bc71fd1e5e0acbe37341d59ea7025b8a0ebf80b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3114C32609B9582EB218F15F51426977E4FB88B85F184270DACD4B758DF3CC551C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2638909733.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638891833.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638939214.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2638963003.00007FF6CA272000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2639004978.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                              • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                              • Instruction ID: cd0807f72c5525176f79d54f60f097275d1ca068749a20b39f9e503803ee7bdc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E01842291C61286F7309F60B97127E73A0FF48746F880475D5CEC2685EE2CE504AB14
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642968550.00007FFBBB6D0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643016252.00007FFBBB6E1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643031110.00007FFBBB6E3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$Constant$String$Object$Err_$ConditionFromMask$DeallocException$Capsule_DictDict_ExitFormatInfoLongLong_MallocMem_MemoryMetaclassStartupTypeType_Unicode_UnsignedVerifyVersionmemset
                                                                                                                                                                                                              • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                                                                                                                                                              • API String ID: 1196102948-1188461360
                                                                                                                                                                                                              • Opcode ID: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                                                                                                                                                              • Instruction ID: a36e214b547be35c6caefe9c196a1bae1963bb09c51b1ea1bb2065c1d3593b84
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DD2B3A0F08B1395F6108F3AEC54365A654BF45BC4F84D139CA1F866B4EF6DEA08E349
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_new$R_set_debug$O_free$D_get_sizeO_memcmpR_clear_last_markR_get_flagsR_set_markX_get0_cipherX_get0_md
                                                                                                                                                                                                              • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                                                                                                                                                              • API String ID: 2283737721-2781224710
                                                                                                                                                                                                              • Opcode ID: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
                                                                                                                                                                                                              • Instruction ID: a18d1ee76dc77d3ba9216f0a6f2871e474d08471ef430080daf1964655dec382
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F48299F1A0AA8282FB6B9B31D4403B932A0EB45745F54C036DE6D477B5CFBEE9958700

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
7ff6ca233e5f-7ff6ca233e7b call 7ff6ca236dc0 call 7ff6ca237340 892->894 893->894 897 7ff6ca233e52 893->897 909 7ff6ca233e86-7ff6ca233e8d 894->909 910 7ff6ca233e7d-7ff6ca233e84 894->910 897->856 913 7ff6ca233ea7-7ff6ca233eb1 call 7ff6ca2371b0 909->913 914 7ff6ca233e8f-7ff6ca233e9c call 7ff6ca236e00 909->914 912 7ff6ca233ed3-7ff6ca233ee8 call 7ff6ca232a50 call 7ff6ca236fc0 call 7ff6ca236d70 910->912 912->856 926 7ff6ca233ebc-7ff6ca233eca call 7ff6ca2374f0 913->926 927 7ff6ca233eb3-7ff6ca233eba 913->927 914->913 925 7ff6ca233e9e-7ff6ca233ea5 914->925 925->912 926->856 937 7ff6ca233ecc 926->937 927->912 930->842 931->930 943 7ff6ca233fb9-7ff6ca233fce 931->943 937->912 944 7ff6ca233fe8 call 7ff6ca232a50 943->944 945 7ff6ca233fd0-7ff6ca233fe3 call 7ff6ca232710 call 7ff6ca231900 943->945 944->930 945->842
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                              • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                              • API String ID: 2776309574-4232158417
                                                                                                                                                                                                              • Opcode ID: 0fbc70c4027613d0d861555d20556e9b1b6679d528821aa3e7ef290c14fd0fef
                                                                                                                                                                                                              • Instruction ID: 26f0a8af55233ae32664367f59453ee5d92876ca20b597313ea8dfb8b0c7b71a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fbc70c4027613d0d861555d20556e9b1b6679d528821aa3e7ef290c14fd0fef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB327221A0E6A291FA15DF21B7743B92259BF46742F4C40B2DACDC76D6EF2CE654E300

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                                              • String ID: Underlying socket connection gone$_ssl.c:983: The handshake operation timed out$_ssl.c:987: Underlying socket has been closed.$_ssl.c:991: Underlying socket too large for select().
                                                                                                                                                                                                              • API String ID: 3614085790-1145532335
                                                                                                                                                                                                              • Opcode ID: 2a2fc378391615102e05e0459d1ac40276342dd4846b43765815e56d16aa5ae9
                                                                                                                                                                                                              • Instruction ID: 96194c92200d91db020c2a4c2cbb125b57414d7beb3ffe07c42184d3fe7d1997
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a2fc378391615102e05e0459d1ac40276342dd4846b43765815e56d16aa5ae9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA6151B1A38A4286EB609F39EC4457963A2BF86B9CF244531DF0E87794DE3CE441C318
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                              • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                              • Instruction ID: 6afba807dd90e894914cb199a28122321289ee419155c669c4dae40b2e23f796
                                                                                                                                                                                                              • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49C10232B28A5186EB10CFA4E6A06AC3761FB49B99F094275DE9E973D8DF3CD451D300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
• Associated: 00000002.00000002.2642968550.00007FFBBB6D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643016252.00007FFBBB6E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643031110.00007FFBBB6E3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                                                                                                                                                              • String ID: bind$socket.bind
                                                                                                                                                                                                              • API String ID: 1695574521-187351271
                                                                                                                                                                                                              • Opcode ID: c772f091d13961e78706c3e49babb2eae7ea45e540c7b9e2188f6b33e05915ab
                                                                                                                                                                                                              • Instruction ID: 2620fd9a04bf9ad691b30f20a7377638f95f5deecc660bb10dbcb708c98eb91f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c772f091d13961e78706c3e49babb2eae7ea45e540c7b9e2188f6b33e05915ab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B11F4A1608B8281E6209B75FC543AAB364FF49B84F048131DB4E47B65DF3CE904E744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                              • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                              • Instruction ID: c9d90f875458c6cbb8d05e6a22720aac926403337f9a21ec9f1cc6742a2dcf48
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0F0C822E1975186F7A08FA0B5A87767354BB85725F084335D9ED43AD4DF3CD048EA00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
• Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$memcpy$L_cleanseO_clear_flagsO_set_flags
                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                                                                                                                                                              • API String ID: 480058824-3615793073
                                                                                                                                                                                                              • Opcode ID: 6ce1f1e6ab867371c9ac5fdbcfd9244af31884eb36a4143032fe0f8282fb1a6d
                                                                                                                                                                                                              • Instruction ID: 2da7e8a048304256e1cdd0b2289f3bd12bfcd56d59c8edcd435ae069169e5a41
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ce1f1e6ab867371c9ac5fdbcfd9244af31884eb36a4143032fe0f8282fb1a6d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6152ADB1A0A68282FB6A9B35D4407BD3695EF45B45F54C035DE6E17AB6CFBDE880C300

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$ObjectWith$Err_Exception$Dealloc$BasesFromPackSpecStateTuple_Type_
                                                                                                                                                                                                              • String ID: A certificate could not be verified.$Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSL/TLS session closed cleanly.$SSLCertVerificationError$SSLEOFError$SSLError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLCertVerificationError$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                                                                                                                                                              • API String ID: 2091157252-1330971811
                                                                                                                                                                                                              • Opcode ID: 411483db4054dc33e524f39d660640a41efa878ed41251ade0944e393b998699
                                                                                                                                                                                                              • Instruction ID: a3f0b1a6d0f70dfad9833d75ddeefe93b531418fd9018ad00eeb0d228850679b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 411483db4054dc33e524f39d660640a41efa878ed41251ade0944e393b998699
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90512BE1A39B4381EB109F39ED5466827A2FF46B9CF405535CB0E976A4EF2CE545C308

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
• Associated: 00000002.00000002.2642968550.00007FFBBB6D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643016252.00007FFBBB6E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643031110.00007FFBBB6E3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$String$Err_Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_Object_ParseRestoreSaveSys_TupleValue_getaddrinfo
                                                                                                                                                                                                              • String ID: Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                                                                                                                                                              • API String ID: 3469260611-1074899869
                                                                                                                                                                                                              • Opcode ID: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                                                                                                                                                              • Instruction ID: 5a19d0b2850882dc09c6137c624dc179f290d2451f9a35c79b4c63a2d46eef8b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0C13BB2A0864286EB19CF79DC545B8B7A0BB48B84F048135DF5F527A4DF3CE944E709

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                                                                                                                                                              • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                                                                                                                                                              • API String ID: 3554890122-3904065072
                                                                                                                                                                                                              • Opcode ID: 572a1b6e734274ab63ab30950f5254185f3aaeff19120c105b3c5ad12365799d
                                                                                                                                                                                                              • Instruction ID: 4d91776012cb508f989f85e6f96f28b59fa718c6d127dc2e6b765e9b072431a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 572a1b6e734274ab63ab30950f5254185f3aaeff19120c105b3c5ad12365799d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 738159A6A39A0281EB51DF7DEC5827823A2BF45B9CF644131DF0E87694DE3CE845C318

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
                                                                                                                                                                                                              • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                                                                                                                                                              • API String ID: 3363282672-2881308447
                                                                                                                                                                                                              • Opcode ID: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                                                                                                                                                              • Instruction ID: e5105cdf3d9434cc882bc44cf1bbabcefa236e0d37318093af88f77948c40222
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22B156A2A08A8582E6509F3DDC042B9B360FB95B94F049335DF5E53AF1DF3CE9859704

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                              • API String ID: 1370845099-1722249466
                                                                                                                                                                                                              • Opcode ID: 0d32384d7316208965964d29d91abcf0daa34d1bc1be83e9d84aa4d08f48a424
                                                                                                                                                                                                              • Instruction ID: 410ce2bb7b5527d3b18d2522d2c0ef43f46d480c37432bed45584fbe828a6363
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d32384d7316208965964d29d91abcf0daa34d1bc1be83e9d84aa4d08f48a424
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70A180F2A0F64282FB629A35D441BBD2291EF41B44F14C135DD7D4A6F9CEBCE9818741

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642367937.00007FFBAB681000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFBAB680000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                              • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                              • API String ID: 3630264407-438398067
                                                                                                                                                                                                              • Opcode ID: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                                                                                                                                                              • Instruction ID: 27cdb2d27d352becdf4f2d9033e5280b5f023133a7147aea7541b0ae732c958e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2514CB6A0AB8281EA168B79EC44779E3A0BB45FD5F44E031CE6E43764EF3CE0458300

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                              • API String ID: 2779586248-3767186838
                                                                                                                                                                                                              • Opcode ID: 4b3c939a7b197642555fd03858451e68e0e2822e76a72f073d6beb959d7d97e5
                                                                                                                                                                                                              • Instruction ID: e2c7061d0a1a4ce4d22cdf5daafa15b142ca5f282cde24b08e7d4b2bcf4cb844
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b3c939a7b197642555fd03858451e68e0e2822e76a72f073d6beb959d7d97e5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8517FE2B0A68282FB52DB35D4557BD2360EB84B84F948035ED2D477B6DFBCE9918700

Control-flow Graph
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
• Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
Similarity
• API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flags
• String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
• API String ID: 3359833097-4226281315
• Opcode ID: f9d5ff3984fc14434fd6bc00862e317b48592ec70b53f1a32cd884835e8d4e04
• Instruction ID: 589235782e9a493f1cadc2a1b63be7242cb9cbbefdba499f223f6bff0d3a5d99
• Opcode Fuzzy Hash: f9d5ff3984fc14434fd6bc00862e317b48592ec70b53f1a32cd884835e8d4e04
• Instruction Fuzzy Hash: FFA18CB1A0AA8682FB569F35D9007BD3694EB44B88F548132DD2D0BBFADFB8D4458300

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
• Associated: 00000002.00000002.2642968550.00007FFBBB6D0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2642999969.00007FFBBB6D9000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643016252.00007FFBBB6E1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2643031110.00007FFBBB6E3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
Similarity
• API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
• String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
• API String ID: 418579395-1608436615
• Opcode ID: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
• Instruction ID: 5469480aa918febeec5833c07092a79c76e4165e433b61d5f9ac215fff1d815d
• Opcode Fuzzy Hash: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
• Instruction Fuzzy Hash: F241107160CA4696E7208F29E8447A9B360FB89B94F508131DB5E437B4DF3CD949D748

Control-flow Graph
APIs
  • Part of subcall function 00007FF6CA237F90: _fread_nolock.LIBCMT ref: 00007FF6CA23803A
• _fread_nolock.LIBCMT ref: 00007FF6CA231A1B
  • Part of subcall function 00007FF6CA232910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6CA231B6A), ref: 00007FF6CA23295E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890
• Opcode ID: 3ff95809ca1090418fbd1d21d944a3955d2264a87fb5bf50133219bb90c93b1a
• Instruction ID: d3905cac1daa9b0ad634e79b7a56291bb297d717c46ac96b1af37ea1f46a3bdf
• Opcode Fuzzy Hash: 3ff95809ca1090418fbd1d21d944a3955d2264a87fb5bf50133219bb90c93b1a
• Instruction Fuzzy Hash: AD81C4B1A0D6A286EB20DF24F2602B933A5FF49746F484471D9CDC7789EE3CE585A740

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
• Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
Similarity
• API ID:
• String ID: ..\s\ssl\statem\statem.c$read_state_machine
• API String ID: 0-3323778802
• Opcode ID: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
• Instruction ID: a03b013a3e46324b55391ae8cce0e8285aaf5b77fee90aae25294b76f8d8f7d1
• Opcode Fuzzy Hash: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5916DA2A0A64281FB529B35D8507BD2791EB40B48F98C236DE3D47AF5CFBDE446C340

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642367937.00007FFBAB681000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFBAB680000, based on PE: true
• Associated: 00000002.00000002.2642354436.00007FFBAB680000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2642385467.00007FFBAB695000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2642400312.00007FFBAB69B000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2642416018.00007FFBAB69F000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab680000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2745024575-0
                                                                                                                                                                                                              • Opcode ID: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                                                                                                                                                              • Instruction ID: c20a8aded3c92d1a82d08185eb6343b6e19a47441a1697ae937a922fac9aead5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A171B2B5D0BA02C5EA678BBCED44138B3A4BF44B94F58E438CD7D426B1DE2EA4468311

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                              • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction ID: 9a1790bc8622c38a9c22579eda11b5d2be54bbe1870c21aea4f6ed7e5f706404
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3751C7266187A186D6349F26B4281BAB7A1F798B62F044125EFDE83694EF3CD045DB10
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFBAB75F416), ref: 00007FFBAB75F762
                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFBAB75F416), ref: 00007FFBAB75F77A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
• Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                              • API String ID: 193678381-552286378
                                                                                                                                                                                                              • Opcode ID: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
                                                                                                                                                                                                              • Instruction ID: fea15fb0d7d68a44e3c3438ad5a12453be32233ab25cc6ef61ba85d2b0220a37
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AA1AFB2A0A64292EB62DF35D4547BD2360FB41B48F448236DE2D4BAB5CFBCE945C701
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                                                                                                                                                              • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                                                                                                                                                              • API String ID: 3371007025-2001486153
                                                                                                                                                                                                              • Opcode ID: b2daa0e140c4402bed0d4f6561395dd6113a473a94545316f0d0d53de7ff24b9
                                                                                                                                                                                                              • Instruction ID: 653f7869ccd8e2eda5849a7a22b907418686075bf0faa4804a61cae3b3ff6d6e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2daa0e140c4402bed0d4f6561395dd6113a473a94545316f0d0d53de7ff24b9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E31A0A2A2CA42D9EB61CB39EC503B96362FB84BA8F444231DF4D87694EF3DD545C304
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
• Associated: 00000002.00000002.2640696901.00007FF6CA230000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640733189.00007FF6CA25B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA26E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640751801.00007FF6CA271000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2640780304.00007FF6CA274000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                                                                                                                                                              • String ID: 3'
                                                                                                                                                                                                              • API String ID: 4284410693-280543908
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF6CA233804), ref: 00007FF6CA2336E1
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6CA233804), ref: 00007FF6CA2336EB
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232C9E
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA233706,?,00007FF6CA233804), ref: 00007FF6CA232D63
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA232C50: MessageBoxW.USER32 ref: 00007FF6CA232D99
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                              • API String ID: 3187769757-2863816727
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                              • API String ID: 193678381-2714770296
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 591546834-0
                                                                                                                                                                                                              • Opcode ID: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                                                                                                                                                              • Instruction ID: f97e4c9033e3fbfe3eab45949a01e1be0d0a5a14f0ba44284af6e542b6f509ad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F4185A2A09A5142FE549F39EC54374A290BF45BA4F188636DF1F43BE0EF3CEC449254
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                              • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                              • Instruction ID: 2ee3b42b5df78c983c65975d87f0dc71d6338be15598bf31e7fc1c171052ab05
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2641C631A1A6A6A1EA20DF11F6341EA7319FF55356F8801B2DADC83699EF3CE505D340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                              • API String ID: 2134390360-2964568172
                                                                                                                                                                                                              • Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                              • Instruction ID: 0f8152ef6e9f5652413466819bfea6ebfa86378549af55e05cbae37aa1c67fed
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD21B3A2F0964242FB52EB35F8013BD6351EF88794F588232FD6D06BF6DEACD4918650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 863680558-0
                                                                                                                                                                                                              • Opcode ID: 964070f957597cead12d681d8d9d4b975f1a861eb6e29b6fc22a496edc13ce25
                                                                                                                                                                                                              • Instruction ID: 5336600f010b8b161e9f4a956e6bb3371f03dfedae0c843a59f94429d858670a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 964070f957597cead12d681d8d9d4b975f1a861eb6e29b6fc22a496edc13ce25
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA012161A19A4282E7509F7AEC44069A3A0FF88B91B508030DB5F437B4CE3DDC95D704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                              • Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                                                                                                                                              • Instruction ID: d4cdab99911309d460d52cf54f07749e60b2c18d0aea13a97f88439956be4e7c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68316F72619A9289EB20DF61FA652F97360FF89789F480175EE8D87B49DF3CD1049700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FFBB1882030
                                                                                                                                                                                                              • PyModule_GetState.PYTHON312 ref: 00007FFBB1882045
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB188209A
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820AC
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820B7
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820E5
                                                                                                                                                                                                              • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FFBB188205C
                                                                                                                                                                                                              • PyErr_Format.PYTHON312 ref: 00007FFBB18839BE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_SizeStateT_freeValue_
                                                                                                                                                                                                              • String ID: unknown object '%.100s'
                                                                                                                                                                                                              • API String ID: 2376969911-3113687063
                                                                                                                                                                                                              • Opcode ID: 4f419eb2a21d6b08ca2754835e6f07cd3d273da37a70c71d0d08a3a747956f7f
                                                                                                                                                                                                              • Instruction ID: f522497d9f41b727fbd575c33d95d4659ad2ef77281c84188321b3b5da34be82
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f419eb2a21d6b08ca2754835e6f07cd3d273da37a70c71d0d08a3a747956f7f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF03691B28B4281EB04DB3BED540396392BF8CFE4B488134DF4E87B24DE2CD4458714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643142367.00007FFBBC151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBBC150000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                                              • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                                              • API String ID: 1394619730-824592145
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1624953543-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D3DD0: PyErr_Format.PYTHON312 ref: 00007FFBBB6D4154
                                                                                                                                                                                                              • PySys_Audit.PYTHON312 ref: 00007FFBBB6D53FC
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: PyEval_SaveThread.PYTHON312 ref: 00007FFBBB6D44A2
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: connect.WS2_32 ref: 00007FFBBB6D44B5
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: PyEval_RestoreThread.PYTHON312 ref: 00007FFBBB6D44C0
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: WSAGetLastError.WS2_32 ref: 00007FFBBB6D44CE
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: WSAGetLastError.WS2_32 ref: 00007FFBBB6D44DA
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: PyErr_CheckSignals.PYTHON312 ref: 00007FFBBB6D44E7
                                                                                                                                                                                                                • Part of subcall function 00007FFBBB6D4484: WSASetLastError.WS2_32 ref: 00007FFBBB6D4501
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642984002.00007FFBBB6D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFBBB6D0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbb6d0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                                                                                                                                                              • String ID: connect$socket.connect
                                                                                                                                                                                                              • API String ID: 2206401578-326844852
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3251591375-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642367937.00007FFBAB681000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFBAB680000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab680000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 3617616757-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1231514297-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1231514297-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00007FF6CA24A9D5,?,?,00000000,00007FF6CA24AA8A), ref: 00007FF6CA24ABC6
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6CA24A9D5,?,?,00000000,00007FF6CA24AA8A), ref: 00007FF6CA24ABD0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                              • Instruction ID: e2b5bee9b36911e2e54c056e3bbd0f772854b0e885eafaa2f4d3c8b66ebb7547
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D41C432A1865587EA348F29B66027D73A0EB55B82F180171FBCEC36D1CF6CE402EB51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,FFFFFFFF,00000000,?,00007FFBAB75F3FE), ref: 00007FFBAB75EE57
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642608155.00007FFBAB700000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642623195.00007FFBAB783000.00000020.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642684009.00007FFBAB785000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642707844.00007FFBAB7AD000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7B2000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7B8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642723951.00007FFBAB7C0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: M_grow_clean
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 964628749-0
                                                                                                                                                                                                              • Opcode ID: 1aa8bc403af585d6ad140d3c981c2ccf0944b06950901931b16cc14dda0e7e7d
                                                                                                                                                                                                              • Instruction ID: ac0b43f23db20266e960c0bfe4c16c75953c0a6aad0ad84bc762366d966eb953
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1aa8bc403af585d6ad140d3c981c2ccf0944b06950901931b16cc14dda0e7e7d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E418FB2A0A68685EB568F35D4507792791EB40B88F48C235CE7D0B7F8CFB9E841C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                              • Opcode ID: d1cf0969546e67d8c79be56f924a5aafafb037098b6e94a4944dfbd08bf1f1e7
                                                                                                                                                                                                              • Instruction ID: 5ce5dfffc9cac928758fb371ed40234fd6127d1d148890a33fb3db461c7f6af1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1cf0969546e67d8c79be56f924a5aafafb037098b6e94a4944dfbd08bf1f1e7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A21E721B1967146FA109F2276283BA9655FF46BC5F8C4470EECD8BB86CE7DE141D300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                                              • Instruction ID: 05a6c784e1eb9331d7e93f045b0846c642de92926f1fa47337c3d3324a32db3a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD31F732A18A3282F7115F55A66037C2690BF94B92F5A01B5F99DC33D2CF7CE441AB11
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1409375599-0
                                                                                                                                                                                                              • Opcode ID: 6cb1fd90222e8ed6d73af5992a05e71a90b08de09c5e51f19d7f0777dc6bec34
                                                                                                                                                                                                              • Instruction ID: aa34d78c472ec3ce3e49afd2c766ba5adf0f481386d555c69cf9dae848398680
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cb1fd90222e8ed6d73af5992a05e71a90b08de09c5e51f19d7f0777dc6bec34
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27219CA2B29B5286EB508F6AEC009696794BB06BC8F690436DF4C17764DE3CE401C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab700000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_ctrl
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3605655398-0
                                                                                                                                                                                                              • Opcode ID: 6d0a7c46b07cd7016860ecfb13084718b787f51b2db9be319604d8e51638b5c7
                                                                                                                                                                                                              • Instruction ID: b8e5d793304b76bdfa2ebff2316bce7dc1f0aab1fa8ab8da8b5cac513fcae3a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d0a7c46b07cd7016860ecfb13084718b787f51b2db9be319604d8e51638b5c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA219E7270AB8486E7518F61F400BEA7760FB85B88F484036EF9C4BB69CF78C5408B10
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ff6ca230000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642623195.00007FFBAB701000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBAB700000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_ctrl
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3605655398-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6CA239390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6CA2345F4,00000000,00007FF6CA231985), ref: 00007FF6CA2393C9
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00007FF6CA236476,?,00007FF6CA23336E), ref: 00007FF6CA238EA2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF6CA240C90,?,?,?,00007FF6CA2422FA,?,?,?,?,?,00007FF6CA243AE9), ref: 00007FF6CA24D63A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2640711101.00007FF6CA231000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA230000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_$FromItemLongLong_StringX_ctrl
                                                                                                                                                                                                              • String ID: accept$accept_good$accept_renegotiate$cache_full$connect$connect_good$connect_renegotiate$hits$misses$number$timeouts
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$String$Dict_$Item$List_X509_$From$SizeUnicode_$AppendE_printO_ctrlO_freeO_getsX509_get0_notY_set$AfterBeforeE_entry_countE_get_entryErr_LongLong_O_newO_s_memTupleX509_get_issuer_nameX509_get_subject_nameX509_get_versionY_get_dataY_get_object
                                                                                                                                                                                                              • String ID: OCSP$caIssuers$crlDistributionPoints$failed to allocate BIO$issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Err_FromSizeUnicode_$E_printFormatL_sk_numL_sk_valueList_O_ctrlO_getsO_newO_s_memTuple_WarnX509_get_ext_d2istrchr
                                                                                                                                                                                                              • String ID: %X:%X:%X:%X:%X:%X:%X:%X$%d.%d.%d.%d$<INVALID>$<invalid>$DNS$DirName$IP Address$Invalid value %.200s$Registered ID$URI$Unknown general name type %d$email$failed to allocate BIO
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BC3F
                                                                                                                                                                                                              • ERR_clear_error.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BC82
                                                                                                                                                                                                              • PyEval_SaveThread.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BC88
                                                                                                                                                                                                              • SSL_new.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BC94
                                                                                                                                                                                                              • PyEval_RestoreThread.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BCA1
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BCBE
                                                                                                                                                                                                              • SSL_get0_param.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BCDA
                                                                                                                                                                                                              • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BCE7
                                                                                                                                                                                                              • SSL_set_ex_data.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BCF6
                                                                                                                                                                                                              • SSL_set_fd.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD08
                                                                                                                                                                                                              • BIO_up_ref.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD1C
                                                                                                                                                                                                              • BIO_up_ref.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD2E
                                                                                                                                                                                                              • SSL_set_bio.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD40
                                                                                                                                                                                                              • SSL_ctrl.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD55
                                                                                                                                                                                                              • SSL_get_verify_mode.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD6F
                                                                                                                                                                                                              • SSL_get_verify_callback.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD80
                                                                                                                                                                                                              • SSL_set_verify.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD92
                                                                                                                                                                                                              • SSL_set_post_handshake_auth.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BD9C
                                                                                                                                                                                                              • SSL_get_rbio.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BDC9
                                                                                                                                                                                                              • BIO_ctrl.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BDDE
                                                                                                                                                                                                              • SSL_get_wbio.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BDE8
                                                                                                                                                                                                              • BIO_ctrl.LIBCRYPTO-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BDF9
                                                                                                                                                                                                              • PyEval_SaveThread.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BDFF
                                                                                                                                                                                                              • SSL_set_connect_state.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BE11
                                                                                                                                                                                                              • SSL_set_accept_state.LIBSSL-3(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BE19
                                                                                                                                                                                                              • PyEval_RestoreThread.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BE22
                                                                                                                                                                                                              • PyWeakref_NewRef.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BE36
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BE83
                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON312(?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188BEBA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Cannot create a client socket with a PROTOCOL_TLS_SERVER context, xrefs: 00007FFBB188BC2E
                                                                                                                                                                                                              • Cannot create a server socket with a PROTOCOL_TLS_CLIENT context, xrefs: 00007FFBB188BBE8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$DeallocO_ctrlO_up_refObject_RestoreSave$L_ctrlL_get0_paramL_get_rbioL_get_verify_callbackL_get_verify_modeL_get_wbioL_newL_set_accept_stateL_set_bioL_set_connect_stateL_set_ex_dataL_set_fdL_set_post_handshake_authL_set_verifyM_set_hostflagsR_clear_errorTrackWeakref_X509_
                                                                                                                                                                                                              • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckFromInitL_get_rbioL_get_wbioL_write_exLong_ObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsSize_tStringWeakref_
                                                                                                                                                                                                              • String ID: The write operation timed out$Underlying socket connection gone$Underlying socket has been closed.$Underlying socket too large for select().
                                                                                                                                                                                                              • API String ID: 919700936-3133696731
                                                                                                                                                                                                              • Opcode ID: 32ef765b2614b5fb95ddcffbf780e4531b0aa0e6f8fd0c14f6a5c6391627f0a1
                                                                                                                                                                                                              • Instruction ID: 0b539a8de06e94d4d73a9454b5b943dd371e488b1299c1e672a36d395d41d16f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32ef765b2614b5fb95ddcffbf780e4531b0aa0e6f8fd0c14f6a5c6391627f0a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4714DA2E28A4685EB649F3ADC4067963A1BF89B9CF144531DF0E87794DF3CE446C348
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Deadline_DeallocEval_O_ctrlThread$Err_InitL_get_rbioL_get_wbioL_set_read_aheadL_shutdownObjectRestoreSaveStringWeakref_
                                                                                                                                                                                                              • String ID: -$The read operation timed out$The write operation timed out$Underlying socket connection gone$Underlying socket too large for select().
                                                                                                                                                                                                              • API String ID: 1084328889-4093475646
                                                                                                                                                                                                              • Opcode ID: d1a67b943567391e34991c617ade626b06432ac0e4ee87febe1d9678a0f48e46
                                                                                                                                                                                                              • Instruction ID: d3a6f38222b02c6d5af336a3f2084c1f70e3a78014c9ff0a5a5c295a7d8a0424
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1a67b943567391e34991c617ade626b06432ac0e4ee87febe1d9678a0f48e46
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1716FA1E2864286EB658F39ED4427963A2FFC5B98F544131CF0E47698DF3DE441C348
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882108: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FFBB188214D
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882108: PyUnicode_FromStringAndSize.PYTHON312 ref: 00007FFBB1882173
                                                                                                                                                                                                              • ASN1_STRING_type.LIBCRYPTO-3(?,?,?,?,00000000,00007FFBB18850ED), ref: 00007FFBB188525C
                                                                                                                                                                                                              • ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,00000000,00007FFBB18850ED), ref: 00007FFBB188526A
                                                                                                                                                                                                              • ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,00000000,00007FFBB18850ED), ref: 00007FFBB1885276
                                                                                                                                                                                                              • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFBB18850ED), ref: 00007FFBB188528C
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FFBB18865B0
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_clear_error.LIBCRYPTO-3 ref: 00007FFBB18865D9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Size$BuildFromG_get0_dataG_lengthG_typeJ_obj2txtR_clear_errorR_peek_last_errorStringUnicode_Value_
                                                                                                                                                                                                              • String ID: D:\a\1\s\Modules\_ssl.c$Ns#$Ny#
                                                                                                                                                                                                              • API String ID: 264388756-3706530764
                                                                                                                                                                                                              • Opcode ID: 4732ec129086ed91732c68f4ad551715db4fc4594bcd94c192421b99f76ef898
                                                                                                                                                                                                              • Instruction ID: 5ca5e2d3d5a02b5a19e7377ea2d99bfeda2396cb87ea3cb401b80c7fcac2f9a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4732ec129086ed91732c68f4ad551715db4fc4594bcd94c192421b99f76ef898
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D42173A5A2C65282FB508B39EC446796351BF86BD8F444130EF0D86B55EF6CE1458708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3719493655-0
                                                                                                                                                                                                              • Opcode ID: 0b61fa8abd9dfcdf7751d429d18c280f61a1d7a5a4373fae919a70ebd3257318
                                                                                                                                                                                                              • Instruction ID: 57b64c9c4b721438378f16ada0992dd4dcddd3a1e0cb5da8842ec3c278904487
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b61fa8abd9dfcdf7751d429d18c280f61a1d7a5a4373fae919a70ebd3257318
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D702F8F1E2E58282E7268B35D47467927A1FB44784F5CD139DE6E826B2EE3DE444D300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: d65c8a1a34e4d64792bc5e4342cca281af61f0d2083b9f9249700954481b0c77
                                                                                                                                                                                                              • Instruction ID: 670d5f6ac3de1c558742f558f8fc5eb23e9e10fa1f92cdc43f0fceba0a445df9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d65c8a1a34e4d64792bc5e4342cca281af61f0d2083b9f9249700954481b0c77
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0314AB2608A8186EB60DF64E884BE97360FB85745F84413ADB4E47B98DF38D5488714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 077b0f214cb87451efc13930c849abf149ec882450af492fe5d50a1ac414abff
                                                                                                                                                                                                              • Instruction ID: a04aaeb0292aa71b57fd0015b492fec9cfaa120b2abcc504e79d714c26ae927b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 077b0f214cb87451efc13930c849abf149ec882450af492fe5d50a1ac414abff
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E83150B2A1AB8186EB629F74E8603ED7364FB44754F48803ADA5D47BA6DF3CD548C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                                                                                                                                                              • Instruction ID: 5f346f6700f31f8e05940aba4214e18b76fddf378e9e362aff759efed17ac42a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15313CB270AB818AEBA18F64E8403FEB760FB85744F44943ADA5D47BA4DF38D548C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 14127433f498ab707f95c02b3680a90db4af5ac6cf785dcfcb189b65b345eec7
                                                                                                                                                                                                              • Instruction ID: fb69dd7339e81c888ce74f06d61c88e792e9992b81c0826e2e4373765dde4f81
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14127433f498ab707f95c02b3680a90db4af5ac6cf785dcfcb189b65b345eec7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 443139B6618B8186EB608F64E8807E97371FB84748F04413ADB4E47B98EF38D649C718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 99395305cdb11cdb041beb820624a25ea4585affacafc0dcd255409337a1a2bc
                                                                                                                                                                                                              • Instruction ID: f2d5cf86bb98168024f950641c77eed4474113277c4d70e8093db433e35e8018
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99395305cdb11cdb041beb820624a25ea4585affacafc0dcd255409337a1a2bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B33173B6608B818AEBA09F70E8807EE7364F744B14F884439DA4E57B98DF3CC548C704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4139299733-0
                                                                                                                                                                                                              • Opcode ID: bb7a1583b311f9023fc161d2ea2417430d383a05e2e7d543d3dd2600494f88aa
                                                                                                                                                                                                              • Instruction ID: fbadf4236c092f3902dde5f6af697d03de196af4776191afb8da3b6d80a83ba7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb7a1583b311f9023fc161d2ea2417430d383a05e2e7d543d3dd2600494f88aa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24E1C1F1E2E59281EB668B39D43467D62A1FB50744F18A139DE6F436A2DE3CE841DB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Bytes_FromO_freeR_clear_errorR_peek_last_errorSizeStringX509i2d_
                                                                                                                                                                                                              • String ID: D:\a\1\s\Modules\_ssl.c
                                                                                                                                                                                                              • API String ID: 2720122973-132925792
                                                                                                                                                                                                              • Opcode ID: b66eeea7f1de0652cb560c0117ef5806f276d9e9c61454d33aa0661b5e1ef13e
                                                                                                                                                                                                              • Instruction ID: a7268f13e2a54bed287ce4dba50d1e598cee6bf6d166a4fd3cb200109d71f3c0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b66eeea7f1de0652cb560c0117ef5806f276d9e9c61454d33aa0661b5e1ef13e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87F09091B2875282FF009B7AEC08739A352BF88BA9F005635DE4D8B715EFBCE1448714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$Constant$Object$Long$FromLong_StringUnsigned
• String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$ALERT_DESCRIPTION_ACCESS_DENIED$ALERT_DESCRIPTION_BAD_CERTIFICATE$ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE$ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE$ALERT_DESCRIPTION_BAD_RECORD_MAC$ALERT_DESCRIPTION_CERTIFICATE_EXPIRED$ALERT_DESCRIPTION_CERTIFICATE_REVOKED$ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN$ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE$ALERT_DESCRIPTION_CLOSE_NOTIFY$ALERT_DESCRIPTION_DECODE_ERROR$ALERT_DESCRIPTION_DECOMPRESSION_FAILURE$ALERT_DESCRIPTION_DECRYPT_ERROR$ALERT_DESCRIPTION_HANDSHAKE_FAILURE$ALERT_DESCRIPTION_ILLEGAL_PARAMETER$ALERT_DESCRIPTION_INSUFFICIENT_SECURITY$ALERT_DESCRIPTION_INTERNAL_ERROR$ALERT_DESCRIPTION_NO_RENEGOTIATION$ALERT_DESCRIPTION_PROTOCOL_VERSION$ALERT_DESCRIPTION_RECORD_OVERFLOW$ALERT_DESCRIPTION_UNEXPECTED_MESSAGE$ALERT_DESCRIPTION_UNKNOWN_CA$ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY$ALERT_DESCRIPTION_UNRECOGNIZED_NAME$ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE$ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION$ALERT_DESCRIPTION_USER_CANCELLED$CERT_NONE$CERT_OPTIONAL$CERT_REQUIRED$ENCODING_DER$ENCODING_PEM$HAS_ALPN$HAS_ECDH$HAS_NPN$HAS_SNI$HAS_SSLv2$HAS_SSLv3$HAS_TLS_UNIQUE$HAS_TLSv1$HAS_TLSv1_1$HAS_TLSv1_2$HAS_TLSv1_3$HOSTFLAG_ALWAYS_CHECK_SUBJECT$HOSTFLAG_MULTI_LABEL_WILDCARDS$HOSTFLAG_NEVER_CHECK_SUBJECT$HOSTFLAG_NO_PARTIAL_WILDCARDS$HOSTFLAG_NO_WILDCARDS$HOSTFLAG_SINGLE_LABEL_SUBDOMAINS$OP_ALL$OP_CIPHER_SERVER_PREFERENCE$OP_ENABLE_KTLS$OP_ENABLE_MIDDLEBOX_COMPAT$OP_IGNORE_UNEXPECTED_EOF$OP_LEGACY_SERVER_CONNECT$OP_NO_COMPRESSION$OP_NO_RENEGOTIATION$OP_NO_SSLv2$OP_NO_SSLv3$OP_NO_TICKET$OP_NO_TLSv1$OP_NO_TLSv1_1$OP_NO_TLSv1_2$OP_NO_TLSv1_3$OP_SINGLE_DH_USE$OP_SINGLE_ECDH_USE$PROTOCOL_SSLv23$PROTOCOL_TLS$PROTOCOL_TLS_CLIENT$PROTOCOL_TLS_SERVER$PROTOCOL_TLSv1$PROTOCOL_TLSv1_1$PROTOCOL_TLSv1_2$PROTO_MAXIMUM_SUPPORTED$PROTO_MINIMUM_SUPPORTED$PROTO_SSLv3$PROTO_TLSv1$PROTO_TLSv1_1$PROTO_TLSv1_2$PROTO_TLSv1_3$SSL_ERROR_EOF$SSL_ERROR_INVALID_ERROR_CODE$SSL_ERROR_SSL$SSL_ERROR_SYSCALL$SSL_ERROR_WANT_CONNECT$SSL_ERROR_WANT_READ$SSL_ERROR_WANT_WRITE$SSL_ERROR_WANT_X509_LOOKUP$SSL_ERROR_ZERO_RETURN$VERIFY_ALLOW_PROXY_CERTS$VERIFY_CRL_CHECK_CHAIN$VERIFY_CRL_CHECK_LEAF$VERIFY_DEFAULT$VERIFY_X509_PARTIAL_CHAIN$VERIFY_X509_STRICT$VERIFY_X509_TRUSTED_FIRST$_DEFAULT_CIPHERS
                                                                                                                                                                                                              • API String ID: 1939824370-504456051
                                                                                                                                                                                                              • Opcode ID: 743f02d0a262f511aea26fa8e7de194dc5c07409eb15afaf2bf4f5b2557464c0
                                                                                                                                                                                                              • Instruction ID: f0b616a1c40bfe7ca9bc9de255c2dfaff24d530cffeee67a04bcdcafd2b7f6ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 743f02d0a262f511aea26fa8e7de194dc5c07409eb15afaf2bf4f5b2557464c0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3432BAE4B78B1391FB149B3EEC906642722BF46BA8F445135CE0E87790EE6DE148C758
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Warn$DeallocEval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_authX_set_session_id_context
                                                                                                                                                                                                              • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$Python$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                                                                                                                                                              • API String ID: 4028604904-3748777976
                                                                                                                                                                                                              • Opcode ID: 89fb8a6e6a00e87cc1b747ecfedc4414e2c19169d28b96e40d049f23e68e6d93
                                                                                                                                                                                                              • Instruction ID: 655606e1edde6fcdacae1703f0bb85658125113584456c0cadcc07dff0dea633
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89fb8a6e6a00e87cc1b747ecfedc4414e2c19169d28b96e40d049f23e68e6d93
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CA130B1A28A4282EB549F3DED5423823B2FF84B9CF104635CB1E87660DF7CE5459318
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                                                                                                                                                              • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                                                                                                                                                              • API String ID: 2322464913-730042774
                                                                                                                                                                                                              • Opcode ID: b091e49e01b098b25a876694f3ea7601ad3c204f15de4486665e150d791b2536
                                                                                                                                                                                                              • Instruction ID: 650f4510014eaa64691c8a456752f150b1f0f8a93911155c212bbbc08932b9b2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b091e49e01b098b25a876694f3ea7601ad3c204f15de4486665e150d791b2536
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31A164A0B1A71282E7669F3EED401B5E765AF06788F44E034CD2D86675EE5DF504CB10
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$DeallocR_clear_errorStringUnicode_X_set_default_passwd_cbX_set_default_passwd_cb_userdata$ConverterEval_ExceptionFreeMatchesMem_Thread_errno$Callable_CheckErrnoFormatFromR_peek_last_errorRestoreSaveX_get_default_passwd_cbX_get_default_passwd_cb_userdataX_use_certificate_chain_file
                                                                                                                                                                                                              • String ID: certfile should be a valid filesystem path$keyfile should be a valid filesystem path$password should be a string or callable
                                                                                                                                                                                                              • API String ID: 1360066414-998072137
                                                                                                                                                                                                              • Opcode ID: 45e034edb1b9ca169aaf5994620ca302aa0d9bb916208b66d15f492dcda65a65
                                                                                                                                                                                                              • Instruction ID: 54d675b5746ab9ec5c3fe91002f60a105462e862376306720187b5d3a4549ae3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45e034edb1b9ca169aaf5994620ca302aa0d9bb916208b66d15f492dcda65a65
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FEA1E7AAA29A42C6EB109F79EC5407933B2FF84B9DB104531CF0E83A54CF3DE4558328
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _Py_BuildValue_SizeT.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B61E
                                                                                                                                                                                                              • PyDict_GetItemWithError.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B637
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B64D
                                                                                                                                                                                                              • PyErr_Occurred.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B658
                                                                                                                                                                                                              • PyLong_FromLong.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B669
                                                                                                                                                                                                              • PyDict_GetItemWithError.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B682
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B698
                                                                                                                                                                                                              • PyErr_Occurred.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B6A3
                                                                                                                                                                                                              • ERR_reason_error_string.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B6C2
                                                                                                                                                                                                              • SSL_get_verify_result.LIBSSL-3(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B704
                                                                                                                                                                                                              • PyLong_FromLong.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B70E
                                                                                                                                                                                                              • X509_verify_cert_error_string.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B72C
                                                                                                                                                                                                              • PyUnicode_FromString.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B73A
                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B768
                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B7A4
                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B7D1
                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B7F3
                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B80D
                                                                                                                                                                                                              • _Py_BuildValue_SizeT.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B843
                                                                                                                                                                                                              • PyObject_CallObject.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B860
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B877
                                                                                                                                                                                                              • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B89E
                                                                                                                                                                                                              • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B8BD
                                                                                                                                                                                                              • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B8E7
                                                                                                                                                                                                              • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B8FE
                                                                                                                                                                                                              • PyErr_SetObject.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B90E
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B922
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B93C
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FFBB18865D9), ref: 00007FFBB188B955
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: From$DeallocUnicode_$FormatObject_$Attr$Err_$BuildDict_ErrorItemLongLong_ObjectOccurredSizeValue_With$CallL_get_verify_resultR_reason_error_stringStringX509_verify_cert_error_string
                                                                                                                                                                                                              • String ID: %s (_ssl.c:%d)$Hostname mismatch, certificate is not valid for '%S'.$IP address mismatch, certificate is not valid for '%S'.$[%S: %S] %s (_ssl.c:%d)$[%S: %S] %s: %S (_ssl.c:%d)$[%S] %s (_ssl.c:%d)$unknown error
                                                                                                                                                                                                              • API String ID: 628883730-2914327905
                                                                                                                                                                                                              • Opcode ID: 0b7a20798d908464ea503a25f487752e06a876e86ff50e913074d28ce7c51e45
                                                                                                                                                                                                              • Instruction ID: cb6be2a52643c864148424b080c3ee73b2c7c8a3aa5e2158de163312eb64abc2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b7a20798d908464ea503a25f487752e06a876e86ff50e913074d28ce7c51e45
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCB140A1A29A4385EB649F3ADD4477963A2BF85B98F084134CF4E87764EF3CE405C718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: J_nid2ln$BuildR_descriptionR_get_auth_nidR_get_bitsR_get_cipher_nidR_get_digest_nidR_get_idR_get_kx_nidR_get_nameR_get_versionR_is_aeadSizeValue_memset
                                                                                                                                                                                                              • String ID: aead$alg_bits$auth$description$digest$kea$name$protocol$strength_bits$symmetric${sksssssssisisOssssssss}
                                                                                                                                                                                                              • API String ID: 2466739568-4085912083
                                                                                                                                                                                                              • Opcode ID: 34915956815976ab76b9f9f1c539cc533790e99fb67cf713b23ce024dc7fa944
                                                                                                                                                                                                              • Instruction ID: 6107c00ab25a22350a8397deb488561faaf5f57a5c02e8112ed7feef9c65159d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34915956815976ab76b9f9f1c539cc533790e99fb67cf713b23ce024dc7fa944
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34615F71A19B8281EB209F79FC442AA73A5FB88798F401236DB5E83764DF3CE445C714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyWeakref_GetObject.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889601
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB188962E
                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889680
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18896AA
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18896F0
                                                                                                                                                                                                              • SSL_get_rbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889718
                                                                                                                                                                                                              • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB188972D
                                                                                                                                                                                                              • SSL_get_wbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889737
                                                                                                                                                                                                              • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889748
                                                                                                                                                                                                              • _PyDeadline_Init.PYTHON312 ref: 00007FFBB1889764
                                                                                                                                                                                                              • PyEval_SaveThread.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889777
                                                                                                                                                                                                              • SSL_read_ex.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB188978F
                                                                                                                                                                                                              • PyEval_RestoreThread.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18897C3
                                                                                                                                                                                                              • PyErr_CheckSignals.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18897D8
                                                                                                                                                                                                              • _PyDeadline_Get.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18897F2
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18898CD
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FFBB18865B0
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_clear_error.LIBCRYPTO-3 ref: 00007FFBB18865D9
                                                                                                                                                                                                              • SSL_get_shutdown.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB1889847
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB188988F
                                                                                                                                                                                                              • _PyBytes_Resize.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18898A2
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB18898FB
                                                                                                                                                                                                              • PyLong_FromSize_t.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBB1889596), ref: 00007FFBB188990A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_String$Bytes_Deadline_Eval_FromO_ctrlThread$CheckInitL_get_rbioL_get_shutdownL_get_wbioL_read_exLong_ObjectR_clear_errorR_peek_last_errorResizeRestoreSaveSignalsSizeSize_tWeakref_
                                                                                                                                                                                                              • String ID: The read operation timed out$Underlying socket connection gone$maximum length can't fit in a C 'int'$size should not be negative
                                                                                                                                                                                                              • API String ID: 2735577670-665203206
                                                                                                                                                                                                              • Opcode ID: 45381d095979e6a5c4fa07b50935bd70093201e68af3cd9ede9ec5db51607fbb
                                                                                                                                                                                                              • Instruction ID: 2a6c89b78d379b7b0589542f89036b1330fad14e3f5b633fd6bf00f4ed52dc62
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45381d095979e6a5c4fa07b50935bd70093201e68af3cd9ede9ec5db51607fbb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DA14AB2E29A0386EB659F79DC8057963A1BF84B9CF144135CF0E86A58DF3DE442C358
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_State_$ReleaseUnraisableWrite$ArgsCallFunctionObjectObject_$EncodedEnsureFromL_get_ex_dataL_get_servernameLongLong_OccurredUnicode_Weakref_
                                                                                                                                                                                                              • String ID: ascii
                                                                                                                                                                                                              • API String ID: 3188396730-3510295289
                                                                                                                                                                                                              • Opcode ID: 189e6f42e4bf677b20598d57cd1a8db104f5d28d2a2e070db8670a357d3dd53c
                                                                                                                                                                                                              • Instruction ID: 194353637382160b52b390c8788f2219ed34355c798b1a0b7c00d9fef2432d9b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 189e6f42e4bf677b20598d57cd1a8db104f5d28d2a2e070db8670a357d3dd53c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC514BB5A29A0286FB549F39ED5833D23A2FF45BA8F144530DB0E86B54DF3DE4448718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocList_$X509_$AppendTuple$Y_set$E_entry_countE_get_entryY_get_dataY_get_object
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3918441104-0
                                                                                                                                                                                                              • Opcode ID: 4c599279044c2b5926d546373239c01e32dbb33a6de82c31c37f6d26ac3af5bd
                                                                                                                                                                                                              • Instruction ID: 1fff3f7370b04ae3aa2dc5be7f6a83dcb16b7e6a1d3dbca8e497dfd3fb1cad39
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c599279044c2b5926d546373239c01e32dbb33a6de82c31c37f6d26ac3af5bd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22613DB5A29A0381FB595B39ED5423963E2BF46F99F480534CF0E86691FF3CA4418319
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_clear_errorR_peek_last_error$E_add_certErr_M_read_bio_O_ctrlO_freeO_new_mem_bufStringX509X509_X509_bioX509_freeX_get_cert_storeX_get_default_passwd_cbX_get_default_passwd_cb_userdatad2i_
                                                                                                                                                                                                              • String ID: Can't allocate buffer$Certificate data is too long.$Empty certificate data$no start line: cadata does not contain a certificate$not enough data: cadata does not contain a certificate
                                                                                                                                                                                                              • API String ID: 2827233063-3246380861
                                                                                                                                                                                                              • Opcode ID: 017127a7c6470b4fa99fa986661b157a08507348558574f721bdba2db58865b8
                                                                                                                                                                                                              • Instruction ID: d26ae7e63011745757ed8ec3a287abe65c0cbaaf28a5aa49124d1e2c801ac30b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 017127a7c6470b4fa99fa986661b157a08507348558574f721bdba2db58865b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 105185A2A2CA4382FB649B3EEC406396391BF84B9CF540535DF1E87B95DF3CE4458218
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CertificateCertificatesCloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3212101135-0
                                                                                                                                                                                                              • Opcode ID: 618613933b9525de738423308d8be787a6f12cec378c3d955194368ebbdca401
                                                                                                                                                                                                              • Instruction ID: 9e5029c7b3d85ac6217d9dcfbe8fd000f82eb94c264dcf8bf84f54148b6bfc74
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 618613933b9525de738423308d8be787a6f12cec378c3d955194368ebbdca401
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F815BB5E2960285EB55AF39EE1413923A1BF84BACF084630CF0E467C5DF3DE8959318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Bytes_DeallocDecodeDefaultFromStringUnicode_$BuildSizeValue_X509_get_default_cert_dirX509_get_default_cert_dir_envX509_get_default_cert_fileX509_get_default_cert_file_env
                                                                                                                                                                                                              • String ID: NNNN
                                                                                                                                                                                                              • API String ID: 3186749377-3742719684
                                                                                                                                                                                                              • Opcode ID: 68e5f850f44e36583697284f1a4b074d4d52e6422fb5c173114313da81679834
                                                                                                                                                                                                              • Instruction ID: c5b5e693cffc3c4b8e81a5ea87f17ed2f81ca4c994f6c9b440c74b0955320508
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68e5f850f44e36583697284f1a4b074d4d52e6422fb5c173114313da81679834
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7551EDB5A29B4386EB559F3DDD5463863A2BF54B98F084A30CF4E46794EF3CE4418318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$Err_Thread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsState_StringThread_release_lockType_
                                                                                                                                                                                                              • String ID: 'timeout' must be a non-negative number$timeout value is too large
                                                                                                                                                                                                              • API String ID: 1400298838-4256478105
                                                                                                                                                                                                              • Opcode ID: ae030b509b15a6c7677f6a4e67982769b1749229b47bb73a47934f13f0a5e883
                                                                                                                                                                                                              • Instruction ID: dd7d7d79cd7a1d566e668884a90cd2507c648528ade820697960f56d034cee1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae030b509b15a6c7677f6a4e67982769b1749229b47bb73a47934f13f0a5e883
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 295190E1B08A16D2EA50DB3AE89893963A0FF88F95F800531CF5E57B94DF7DE4458348
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Module_State
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3434497292-0
                                                                                                                                                                                                              • Opcode ID: df8bf85f5e8c70f47a5b2abf07a8c0ec892031494dbdeeac6059f11fa3392953
                                                                                                                                                                                                              • Instruction ID: 7aea75e7fb65b911398ee1632eac223dab84ddd7a3c0f4079eab9a52c4091a13
                                                                                                                                                                                                              • Opcode Fuzzy Hash: df8bf85f5e8c70f47a5b2abf07a8c0ec892031494dbdeeac6059f11fa3392953
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FA1C4B292EA02C9EBAA9F7CDD5427833A4FF45F5DB244930CB4E45595CF2EA441C318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2193414262-0
                                                                                                                                                                                                              • Opcode ID: 3fa5736e7ae46d5f4ede4ba2549a79851e73494609950d1fc6cb1e9a9987f3a8
                                                                                                                                                                                                              • Instruction ID: c11f26a2034bc738f93f69b08e96b9d3a7898663e10193ba135f732e5068bf01
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3fa5736e7ae46d5f4ede4ba2549a79851e73494609950d1fc6cb1e9a9987f3a8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB613DB6A2DA4282EB555F39DE0413873A5BF44FA9F194630CF1E46BD0DE3CA441C318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_clear_error$Err_FromObjectR_peek_last_errorWeakref_Windows
                                                                                                                                                                                                              • String ID: A failure in the SSL library occurred$EOF occurred in violation of protocol$Invalid error code$Some I/O error occurred$TLS/SSL connection has been closed (EOF)$The operation did not complete (X509 lookup)$The operation did not complete (connect)$The operation did not complete (read)$The operation did not complete (write)
                                                                                                                                                                                                              • API String ID: 2320205569-3413158800
                                                                                                                                                                                                              • Opcode ID: 814aee88f93e1f3b637e655ccc5c8946583a636386bfb0f358a4da2d6c79fd36
                                                                                                                                                                                                              • Instruction ID: 16b879ca08f07fb057723035e7e032ceacaf04185e39992e55c578764ea660f7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 814aee88f93e1f3b637e655ccc5c8946583a636386bfb0f358a4da2d6c79fd36
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9616BA3A2C94686EB958F7DDC0037A3361BB84B98F190131DF4E53794CE3EE9468309
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$L_sk_numL_sk_pop_freeList_X509X509_$AppendErr_L_sk_valueStringT_get0_T_get_typeX509_check_caX_get_cert_storei2d_
                                                                                                                                                                                                              • String ID: failed to query cert store
                                                                                                                                                                                                              • API String ID: 188430245-2018196157
                                                                                                                                                                                                              • Opcode ID: 7d58ad7a2ae8215628e58f06064ded71f821576182442e5e89a04522a8de8d14
                                                                                                                                                                                                              • Instruction ID: ef4c9f3cac611c4b737a61970ff002b2870779d4f47f288fbbb3b97c57496353
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d58ad7a2ae8215628e58f06064ded71f821576182442e5e89a04522a8de8d14
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1641ECA5A2960781FB58AB3AEC5423923A2BF45FA9F044134CF0E86795EE3CE445C31C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$O_ctrlRestoreSaveX_set_keylog_callback$DeallocErr_O_free_allO_new_fpO_putsPy_fopen_objString
                                                                                                                                                                                                              • String ID: # TLS secrets log file, generated by OpenSSL / Python$Can't malloc memory for keylog file
                                                                                                                                                                                                              • API String ID: 2661017659-2802485923
                                                                                                                                                                                                              • Opcode ID: c737d2ab6ac0a509730a628caa67505ca4c2c40a4b51279cf551469d2e86585a
                                                                                                                                                                                                              • Instruction ID: a2e78e95dc5fe201195a1d9c38d26f5b71f0fb8246de5d8ee427d5929674a5e0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c737d2ab6ac0a509730a628caa67505ca4c2c40a4b51279cf551469d2e86585a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A414CB6A28B0686EB14AF39ED4476823A1FF49B99F145130CB0E87B54DF3CF4658318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocList_$L_sk_numS_free$Size$AppendFromJ_obj2nidL_sk_valueStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 230305477-0
                                                                                                                                                                                                              • Opcode ID: 4a3a2a0c197c120123287c4cad6df3dc21847620dfcc60481acda2caa4745e34
                                                                                                                                                                                                              • Instruction ID: 0ba10eab68e601a751316d1640e366b1563f191f80d68790aaa9d3c2fd8d7c1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a3a2a0c197c120123287c4cad6df3dc21847620dfcc60481acda2caa4745e34
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3414CA1E29A0281EB549F3AED5463963A2BF86FA9F044035CF4F86755EF3CE4458318
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                                                                                                                                                              • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                                                                                                                                                              • API String ID: 553332449-1518367256
                                                                                                                                                                                                              • Opcode ID: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                                                                                                                                                              • Instruction ID: 7912e7c4ca5b6b1d31d4940a700cf84ee86644aa6bd49df5c530f93138855130
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E6171A2A0EA4281EA668F79EC142B9F7A0FF45B94F08E135CD2D066B5DF3CE4448350
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                                                                                                                                                              • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                                                                                                                                                              • API String ID: 1879153319-1461672608
                                                                                                                                                                                                              • Opcode ID: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                                                                                                                                                              • Instruction ID: f26fd76b6c51c55511dd45160c7515af02a57431e0afefdb2b3e11165214dbe6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA5140B560AB4281E6618F28FC442B9B7A4FB8AB84F54A035CEAD43B34DF3CE454C740
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
Similarity
• API ID: L_sk_numX509_$BuildE_lockErr_L_sk_pop_freeL_sk_valueSizeStringT_get_typeValue_X_get_cert_store
• String ID: crl$failed to query cert store$x509$x509_ca${sisisi}
• API String ID: 4244212332-466295505
• Opcode ID: edd967bd5dff52c97df4ed370572a702fbe7b57f2266ed38d5b66ac430084ec3
• Instruction ID: 4856dfcbfbbae622b6ef724ea30458ebb87886398bc8ee3dced5747c1379940e
• Opcode Fuzzy Hash: edd967bd5dff52c97df4ed370572a702fbe7b57f2266ed38d5b66ac430084ec3
• Instruction Fuzzy Hash: B93138A1A28B4386EB109F3EEC5453973A1FF88BA8F401235DA4E83364DE3CE4458758
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
Similarity
• API ID: O_free$Err_String$DecodeM_write_bio_ModuleO_ctrlO_newO_s_memR_clear_errorR_peek_last_errorStateType_Unicode_X509_X509_bioi2d_
• String ID: Unsupported format$error$failed to allocate BIO$i
• API String ID: 629801032-3389475273
• Opcode ID: 292671808ae26664c77de916b91ac412d414539ed4c6a8d470ab73bfb0f74039
• Instruction ID: 8fd0e3ada83845d31db27efd96ea138d372279e798d046b000fce5a0251c0c98
• Opcode Fuzzy Hash: 292671808ae26664c77de916b91ac412d414539ed4c6a8d470ab73bfb0f74039
• Instruction Fuzzy Hash: 793118E5A28A4381EB24AB3DFC5403963A2BF88B98F245531DB0E47765EF2CE4458358
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
Similarity
• API ID: Module_$BuildFromOpenSizeValue_$L_versionL_version_numLongLong_StringUnicode_Unsigned
• String ID: IIIII$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$_OPENSSL_API_VERSION
• API String ID: 1934562181-595941748
• Opcode ID: 2151b4f301e8ead72b198810b71aedc5057ec5f617d0bf03aa737d876a48d9ab
• Instruction ID: 79f83549efc1646a0093f76c80b21b0fd35026b6ce9339f31a1326ec3228da4e
• Opcode Fuzzy Hash: 2151b4f301e8ead72b198810b71aedc5057ec5f617d0bf03aa737d876a48d9ab
• Instruction Fuzzy Hash: 7D21A0A1F28B1382FB208B39FC5456967A2FF85B98B504235DB0E87B54DE7CE144C724
APIs
• a2i_IPADDRESS.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A2A1
• ERR_clear_error.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A2AF
• PyUnicode_Decode.PYTHON312(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A2C9
• SSL_ctrl.LIBSSL-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A2EE
• SSL_get0_param.LIBSSL-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A325
• X509_VERIFY_PARAM_set1_host.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A346
• ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A35D
• ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A369
• X509_VERIFY_PARAM_set1_ip.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A378
• ASN1_OCTET_STRING_free.LIBCRYPTO-3(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A3A8
• PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFBB188BDB2,?,?,00007FFBAA8ED290,?,?,?,00000000,00007FFBB1887349), ref: 00007FFBB188A3C1
Strings
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
Similarity
• API ID: X509_$DecodeErr_G_freeG_get0_dataG_lengthL_ctrlL_get0_paramM_set1_hostM_set1_ipR_clear_errorStringUnicode_a2i_
• String ID: ascii$server_hostname cannot be an empty string or start with a leading dot.$strict
• API String ID: 2286705765-138613600
• Opcode ID: d03620728174ff0fe4bd9d930bf0f542c6f359d3e3c55c5672b31a9030119b17
• Instruction ID: f9866d656380f52e2260d9f53a5101af97711d7bc9fe49deed56adff9c0e4283
• Opcode Fuzzy Hash: d03620728174ff0fe4bd9d930bf0f542c6f359d3e3c55c5672b31a9030119b17
• Instruction Fuzzy Hash: 054131A1A2864282EB218F3EDC5463967A1FF85B9CF044231DB4E47BA4DF7CE4458708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Eval_State_Thread_errno$EnsureErrnoExceptionFilenameFromL_get_ex_dataO_ctrlO_printfObjectRaisedReleaseRestoreSaveThread_acquire_lockThread_release_lockWith
                                                                                                                                                                                                              • String ID: %s
                                                                                                                                                                                                              • API String ID: 1935682029-620797490
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                                                                                                                                                              • String ID: argument 'data'$contiguous buffer$decompress
                                                                                                                                                                                                              • API String ID: 883004049-2667845042
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Buffer_$Arg_$ArgumentBufferCheckContiguousDoubleErr_FillFloat_InfoObject_OccurredPositionalReleaseSizeUnicode_memset
                                                                                                                                                                                                              • String ID: RAND_add$argument 1$contiguous buffer
                                                                                                                                                                                                              • API String ID: 2392993315-868614225
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Bytes_DeallocErr_M_read_bio_Module_O_ctrlO_freeO_newO_s_fileStateX509X509_free
                                                                                                                                                                                                              • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file
                                                                                                                                                                                                              • API String ID: 2561677103-2145957498
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                                                                                                                                                              • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                                                                                                                                                              • API String ID: 1600877341-3984722346
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dict_$From$DeallocItemStringUnicode_$BuildLongLong_Module_SizeStateValue_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4085978302-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • X509_get_ext_d2i.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB18859BF
                                                                                                                                                                                                              • PyList_New.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB18859DB
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB18859F3
                                                                                                                                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A07
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A1F
                                                                                                                                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A2F
                                                                                                                                                                                                              • PyUnicode_FromStringAndSize.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A45
                                                                                                                                                                                                              • PyList_Append.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A59
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A6F
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A80
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885A91
                                                                                                                                                                                                              • PyList_AsTuple.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885AA9
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885AC9
                                                                                                                                                                                                              • CRL_DIST_POINTS_free.LIBCRYPTO-3(?,?,00000000,00007FFBB18857B0), ref: 00007FFBB1885AD2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_sk_num$List_$DeallocL_sk_value$AppendFromS_freeSizeStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3668485020-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                              • API String ID: 1004266020-3528878251
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                              • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                              • API String ID: 2663085338-4141011787
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Bytes_D_bytesErr_FromSize
                                                                                                                                                                                                              • String ID: (ks)$num must be positive
                                                                                                                                                                                                              • API String ID: 574210595-3708576348
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$MallocMem_MemoryStringi2d_
                                                                                                                                                                                                              • String ID: Invalid session$d2i() failed$i2d() failed
                                                                                                                                                                                                              • API String ID: 982646903-2456513230
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$CertEnhancedFreeSet_Usage$DeallocErr_ErrorFromFrozenLastMallocMemoryStringUnicode_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0B81
                                                                                                                                                                                                              • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0B9B
                                                                                                                                                                                                              • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0BB0
                                                                                                                                                                                                              • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0BC7
                                                                                                                                                                                                              • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0C40
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0C89
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0CA2
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C5D3A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                                                                                                                                                              • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Arg_FormatParse_SizeStringWarnX_ctrl
                                                                                                                                                                                                              • String ID: The context's protocol doesn't support modification of highest and lowest version.$Unsupported TLS/SSL version 0x%x$Unsupported protocol version 0x%x$ssl.TLSVersion.SSLv3 is deprecated$ssl.TLSVersion.TLSv1 is deprecated$ssl.TLSVersion.TLSv1_1 is deprecated
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
Similarity
• API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
• String ID: password cannot be longer than %d bytes$unable to allocate password buffer
Memory Dump Source
• Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
Similarity
• API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
• String ID: _decode_filter_properties$argument 2$contiguous buffer
Memory Dump Source
• Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
Similarity
• API ID: Err_$MemoryString
• String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
Similarity
• API ID: Eval_H_freeThread_errno$Err_ErrnoFilenameFromHparamsM_read_ObjectPy_fopen_objR_clear_errorRestoreSaveWithX_ctrlfclose
• String ID:
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
Similarity
• API ID: Dealloc$CallEnsureErr_ExceptionFunction_L_get_ex_dataObjectObject_RaisedSizeState_Weakref_
• String ID: Osiiiy#$read$write
Memory Dump Source
• Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
Similarity
• API ID: DeallocEval_Thread$Err_FormatSave$ArgsCallObject_RestoreStringUnicode_memcpy
• String ID: password callback must return a string$password cannot be longer than %d bytes
                                                                                                                                                                                                              • API String ID: 1551476282-1265974473
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                                                                                                                                                              • String ID: No cipher can be selected.$argument$embedded null character$set_ciphers$str
                                                                                                                                                                                                              • API String ID: 4155279725-2765033273
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$memcpy$Bytes_DeallocErr_FreeFromMallocNoneReallocSizeStringmemmove
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1220578264-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$FromModuleSpecTypeType_$State
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1138651315-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentErr_KeywordsL_get_finishedL_session_reusedSizeStringUnicode_Unpackstrcmp
                                                                                                                                                                                                              • String ID: argument 'cb_type'$embedded null character$get_channel_binding$str$tls-unique
                                                                                                                                                                                                              • API String ID: 2734880604-851902044
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                              • API String ID: 4245020737-4278345224
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_StringX_callback_ctrl
                                                                                                                                                                                                              • String ID: not a callable object$sni_callback cannot be set on TLS_CLIENT context
                                                                                                                                                                                                              • API String ID: 3136334877-1539510184
                                                                                                                                                                                                              • Opcode ID: 788291f8384f30ac4a6e7bfa2e3a175a74d7f65cd18873bfc6675bda141492af
                                                                                                                                                                                                              • Instruction ID: 7ee8ddcfbd1a840563679ca78dd111e54bd5e4567ccc5bd8d08a558a5c211b5b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 788291f8384f30ac4a6e7bfa2e3a175a74d7f65cd18873bfc6675bda141492af
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40210CB2A2860282EB548F3DDD8467823A1FF84B9CF505531CB0D86598DF3CE595C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FromInternStringUnicode_$Module_State
                                                                                                                                                                                                              • String ID: library$reason$verify_code$verify_message
                                                                                                                                                                                                              • API String ID: 1970222510-435783180
                                                                                                                                                                                                              • Opcode ID: fb758433800d26116e036aeb3a05a2ac270f032bbd4d776c834a61358507b45a
                                                                                                                                                                                                              • Instruction ID: 64bc64a207ca093ae73d3dbfc6b1e49759b81b6007fd2f970be2bc39992eb996
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb758433800d26116e036aeb3a05a2ac270f032bbd4d776c834a61358507b45a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA01CDA092AF0792FB51DB3DED5417432A2BF1472DF540635CA5E853A0EF7CA499C318
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              • Opcode ID: f1c673a6dd7e037b88097e85c1a56384b7f6a9428d16750b3bca31e525e0c308
                                                                                                                                                                                                              • Instruction ID: c9e3a3441ac7ba70d80ddaff54049c73bf62d8b3a38941271905f093d64780e0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1c673a6dd7e037b88097e85c1a56384b7f6a9428d16750b3bca31e525e0c308
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33818EE1E08A4346FA54EB7ED44AAB973A1AF85780FC84135DB0D47796DF3CE8458708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              • Opcode ID: bc53fe8a0eda1481b36a314380ac74b5aff62c5ee69524d86cd6bd6c99e3d1c0
                                                                                                                                                                                                              • Instruction ID: b94f206e17488274cfdf3a85f8542d6040d7e479914f2c93d5f7a4bd469d834e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc53fe8a0eda1481b36a314380ac74b5aff62c5ee69524d86cd6bd6c99e3d1c0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D81BEA0E2A24745FAA69B35D871279A290AF85780F5CC03DDD2C537B7DE7EE8458700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              • Opcode ID: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                                                                                                                                                              • Instruction ID: eaa47a8005a2df0b4f63de54df05c9485d4babc5d3757d58deaef678d79210da
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75816DA0E0B64245F652AB7EDC512BAE690BF47B80F54E135DD2D477B2DE3CE8058740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              • Opcode ID: d38f188f355c007600eaac4bff51f8444aac1092ff7ab8041817ed6d9cf5dfe0
                                                                                                                                                                                                              • Instruction ID: 18c89f8cd2fd66e0437136fa52deb1ab600bd89c5b7f031d4719df77a93cab57
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d38f188f355c007600eaac4bff51f8444aac1092ff7ab8041817ed6d9cf5dfe0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0281AFE1E2924386F764AB7DEC412B96293BF85B88F544135DB0C4B392DE7CE945C318
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbc3130000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
• Associated: 00000002.00000002.2643266263.00007FFBC3130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2643298480.00007FFBC3133000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2643315453.00007FFBC3135000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2643331694.00007FFBC3136000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbc3130000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                                                                                                                                                              • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                                                                                                                                                              • API String ID: 3320488554-3996108163
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_L_is_init_finishedL_set_sessionN_freeString
                                                                                                                                                                                                              • String ID: Cannot set session after handshake.$Cannot set session for server-side SSLSocket.$Session refers to a different SSLContext.$Value is not a SSLSession.
                                                                                                                                                                                                              • API String ID: 2514955158-3160731334
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                              • String ID: argument 'store_name'$embedded null character$enum_certificates$str
                                                                                                                                                                                                              • API String ID: 2966986319-2881692381
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                              • String ID: argument 'store_name'$embedded null character$enum_crls$str
                                                                                                                                                                                                              • API String ID: 2966986319-2641223161
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Long$Arg_Long_OccurredParse_SizeUnsignedWarnX_clear_optionsX_get_optionsX_set_options
                                                                                                                                                                                                              • String ID: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
                                                                                                                                                                                                              • API String ID: 226671855-2795599882
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ParseSizeTuple_$Buffer_Err_ReleaseStringmemset
                                                                                                                                                                                                              • String ID: _ssl._SSLSocket.read requires 1 to 2 arguments$n:read$nw*:read
                                                                                                                                                                                                              • API String ID: 2062789907-3684439920
                                                                                                                                                                                                              • Opcode ID: 628a6d6952236a9e72f14cda79c5ef9150fc0415e25b4211b0c3b2f71f41df3d
                                                                                                                                                                                                              • Instruction ID: 24f699625d390d98ed2c3c9b6e3dfbede6d857853809a7e5d809de6f497bab3d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 628a6d6952236a9e72f14cda79c5ef9150fc0415e25b4211b0c3b2f71f41df3d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F2167B2B18A4681E720DF3AEC446A963A1FBC8B88F548131EB4D43768DF3CD945C754
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SSL_is_init_finished.LIBSSL-3(?,?,00000000,00007FFBB188935A), ref: 00007FFBB1889394
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,00000000,00007FFBB188935A), ref: 00007FFBB18893AF
                                                                                                                                                                                                              • SSL_get1_peer_certificate.LIBSSL-3(?,?,00000000,00007FFBB188935A), ref: 00007FFBB18893BD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_L_get1_peer_certificateL_is_init_finishedString
                                                                                                                                                                                                              • String ID: handshake not done yet
                                                                                                                                                                                                              • API String ID: 1333720006-2620869922
                                                                                                                                                                                                              • Opcode ID: 121f75b62306baad1dd765cf832d8146bcb92f6b7aa344bdea852c4768c8d04c
                                                                                                                                                                                                              • Instruction ID: 496934789b78a7449088d120c5217826ad35b867bee361964a0170440960f0dc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 121f75b62306baad1dd765cf832d8146bcb92f6b7aa344bdea852c4768c8d04c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A11EDA1E28A4281EB149B7EED9403C6361BF88FDCB545131DB0EC7768DF2CE8518354
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Bytes_Err_FormatFromL_get_finishedL_get_peer_finishedL_session_reusedSizeStringstrcmp
                                                                                                                                                                                                              • String ID: '%s' channel binding type not implemented$tls-unique
                                                                                                                                                                                                              • API String ID: 797867279-2744131590
                                                                                                                                                                                                              • Opcode ID: 3e2041bfdaeaec719abc6772907349fbe59f9b5e751b5ab7db2425d46b700f5c
                                                                                                                                                                                                              • Instruction ID: 44c1440a0a9e29f760c4bd2b05a4bd933f7e499dd865fca8ed0559cc0cb59f7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e2041bfdaeaec719abc6772907349fbe59f9b5e751b5ab7db2425d46b700f5c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D113DA5B2CA4281EB109B3DEC9437A23A1BF88B88F444135CB4E87A69DF2CE544C354
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                                                                                                                                                              • String ID: argument$compress$contiguous buffer
                                                                                                                                                                                                              • API String ID: 1731275941-2310704374
                                                                                                                                                                                                              • Opcode ID: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                                                                                                                                                              • Instruction ID: 9ca2154ff74157856ee4f7c8deae51b6d0f3345f41d7668fa832f7ae95f6c7e2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E11D3A2B09A4281EB61CF39EC442B9A360FB89B80F58E131DE6D43634EF3CD945C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                              • String ID: _set_alpn_protocols$argument$contiguous buffer
                                                                                                                                                                                                              • API String ID: 365628853-4024966138
                                                                                                                                                                                                              • Opcode ID: 0f8ef274a15ae6c3c0d43067f1a6bd1b6b662e03dda108eddf97415fca001b63
                                                                                                                                                                                                              • Instruction ID: 718a893f7581058e487cd2f075eb2bdd69efee7094f11daa1e10162dd1caf94f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f8ef274a15ae6c3c0d43067f1a6bd1b6b662e03dda108eddf97415fca001b63
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 171193A6B2864281EB10CF3AEC402B96361FF88BC8F948131DB4D43664DF3CD646C744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                              • String ID: argument$contiguous buffer$write
                                                                                                                                                                                                              • API String ID: 365628853-2056178395
                                                                                                                                                                                                              • Opcode ID: 59be1726feed64141c1fbff6e87f7ff7e1f4b4ee85d08b88edc3f257f6c53196
                                                                                                                                                                                                              • Instruction ID: 18c5d103f73eafee4fad337dac29f766accbd2e4282811ee9f6a63dda758fe57
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59be1726feed64141c1fbff6e87f7ff7e1f4b4ee85d08b88edc3f257f6c53196
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 251163A2B18A4691EB10CF3AEC442B96361FB88BC8F944131DB4D53668DF7CDA45C744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                                              • String ID: argument$contiguous buffer$write
                                                                                                                                                                                                              • API String ID: 365628853-2056178395
                                                                                                                                                                                                              • Opcode ID: 35735a67bdcfb7f1da9b8bddf2dfe6cd1bb58268b0089e9b5a81e36b30e2f3f8
                                                                                                                                                                                                              • Instruction ID: ca3cdbcd27a89c7b717d756a451b960d11cdece375da1c017896730e75619455
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35735a67bdcfb7f1da9b8bddf2dfe6cd1bb58268b0089e9b5a81e36b30e2f3f8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A91136A1B1864691EB10DB39EC442B96361FB84BCCF544135DB4D53664DF3CDA45C744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C2E
                                                                                                                                                                                                              • PyType_GetModule.PYTHON312(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C46
                                                                                                                                                                                                              • PyModule_GetState.PYTHON312(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C54
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C65
                                                                                                                                                                                                              • BIO_write.LIBCRYPTO-3(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C78
                                                                                                                                                                                                              • PyType_GetModuleState.PYTHON312(?,?,?,?,00000000,00007FFBB1886B96), ref: 00007FFBB1886C86
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FFBB18865B0
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1886598: ERR_clear_error.LIBCRYPTO-3 ref: 00007FFBB18865D9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_ModuleStateType_$FormatModule_O_writeR_clear_errorR_peek_last_errorString
                                                                                                                                                                                                              • String ID: cannot write() after write_eof()$string longer than %d bytes
                                                                                                                                                                                                              • API String ID: 11717643-118187971
                                                                                                                                                                                                              • Opcode ID: 06f92be71100825d3c9ea8ef4fd01e99e9863292e6d6d958c220cbc8e2b7e9d0
                                                                                                                                                                                                              • Instruction ID: 58effc1961c4867bfe2523635fd4c61671fcd2734f0b70213ee951f6db69361b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06f92be71100825d3c9ea8ef4fd01e99e9863292e6d6d958c220cbc8e2b7e9d0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78113DE1E29A0782EB149B39DC5053823A2FB84B98F644534CA1D8B660DF3CE486D718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Mem_$FormatFreeMallocMemory
                                                                                                                                                                                                              • String ID: protocols longer than %u bytes
                                                                                                                                                                                                              • API String ID: 2903777688-895981740
                                                                                                                                                                                                              • Opcode ID: 396246bedbab051393212bd06f7a9bb374f8d842a11628eaacb9d5ecfc91a0df
                                                                                                                                                                                                              • Instruction ID: cd8e6535757e995564ff0a2d244ec9b2eda02a14512ace226e6f345889a0a196
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 396246bedbab051393212bd06f7a9bb374f8d842a11628eaacb9d5ecfc91a0df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5711BCE5A28B4282EB149F3AED904282371FB49F98B505535CF1E87764DF3CE4A5C358
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_sk_num$DeallocFromL_get_ciphersL_get_client_ciphersL_sk_findL_sk_valueList_LongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1361062010-0
                                                                                                                                                                                                              • Opcode ID: e6747978d85385ee8664d065162e242e3656c638aeba04cf87427d753b00fa66
                                                                                                                                                                                                              • Instruction ID: 4f6c30a6b53a54a1c15c471162c0e420a429d86ca9eccd15f7824c667cd27c93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6747978d85385ee8664d065162e242e3656c638aeba04cf87427d753b00fa66
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D3149A1B29B0281EF548B7AED5453963A2BF84FD8F040434CF0E87758EE3CE4418398
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 722909353-0
                                                                                                                                                                                                              • Opcode ID: abc4be1438cddae87394517afad28248d235853531413cbe841bfafbd1df0b3a
                                                                                                                                                                                                              • Instruction ID: a95f1e0c1353388fc80e9c6c70146e66dc1a910e4960e1001b935e8cb70f0ea1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: abc4be1438cddae87394517afad28248d235853531413cbe841bfafbd1df0b3a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62212C61A29B4286EB549F7EED14539A3A2BFC8F98B180134DF4E87764DF3CE4058319
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C24B8
                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C24FC
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C2518
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C2567
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                                                                                                                                                              • String ID: Unable to allocate output buffer.
                                                                                                                                                                                                              • API String ID: 76732796-2565006440
                                                                                                                                                                                                              • Opcode ID: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                                                                                                                                                              • Instruction ID: da4397eb8725317a93b684a833b894dca90abf69f0740209fdd904a28e4faf92
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A44102F6A06A0281EB568F2ED854279B7A0FB4AF94F58E432CE2D43765CF38D851C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyDict_New.PYTHON312(?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C0849
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0970: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C0988
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0970: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C0999
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0970: PyDict_SetItem.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C09B4
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C5C50
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C5C6C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                                                                                                                                                              • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                                                                                                                                                              • API String ID: 1484310907-3368833446
                                                                                                                                                                                                              • Opcode ID: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                                                                                                                                                              • Instruction ID: da766b15d1320bdb8d6d97e4606d63a1c9feb019d58938bb2b354d0a6cd8d067
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C41F0B1A0AA0391FA664B7EDD44278A760AB47794F48F136CF3D466B1DF3CA4A58700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,00007FFBAB6C4D6B,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C63B8
                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFBAB6C4D6B,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C641B
                                                                                                                                                                                                              • PyList_Append.PYTHON312(?,?,?,00007FFBAB6C4D6B,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C642F
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB6C4D6B,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C644B
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB6C4D6B,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C6464
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                                                                                                                                                              • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                                                                                                                                                              • API String ID: 1563898963-3455802345
                                                                                                                                                                                                              • Opcode ID: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                                                                                                                                                              • Instruction ID: 04c13e72ee8f90fee9a1e5ba9c21a795fea794a46dc9f68ebc027550b16f1bb3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 813118A2A1AA4281EA568F39ED44138B3A0BB46BA4F14E231DD3D477F4DF3CE441C304
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                                                                                                                                                              • String ID: _SSLContext
                                                                                                                                                                                                              • API String ID: 3264916389-1468230856
                                                                                                                                                                                                              • Opcode ID: c64405a7b27c56aaf44971f44464ecaac7446b0669db094c4bdbdc9adda6c775
                                                                                                                                                                                                              • Instruction ID: dd42b1552624df81536976d7b505a03ea2fccfc456b561b67d67e80b8978d304
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c64405a7b27c56aaf44971f44464ecaac7446b0669db094c4bdbdc9adda6c775
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 512145A1B29A4285EB509F3AEC4417963A2FF48FD8F584530DB5D87B94DE7CE8918308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
• Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                                                                                                                                                              • String ID: Already at end of stream
                                                                                                                                                                                                              • API String ID: 2195683152-1334556646
                                                                                                                                                                                                              • Opcode ID: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                                                                                                                                                              • Instruction ID: e49c956511338a95b28e41deaeedf1bf0369e3b846ea58cd7874d4c55baeb94d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74112EA1A09A5285EA55DB7AEC44179B7A4FB8AFC0F08A035DE2E43765CF3CE455C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
                                                                                                                                                                                                              • String ID: failed to allocate BIO$strict
                                                                                                                                                                                                              • API String ID: 220268057-2811890329
                                                                                                                                                                                                              • Opcode ID: 6a0f88f0bd0f83da5f441945c6c0226c2d52c252e33f841dbafb65b11878cf91
                                                                                                                                                                                                              • Instruction ID: 94589d42e697120816c12f56e48333bac9f385795dfb5752f31fe3067e1fd594
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a0f88f0bd0f83da5f441945c6c0226c2d52c252e33f841dbafb65b11878cf91
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 321151A5B28B5281EB109B3EFC04169A3A1BF89FD8F445531DF4E47765EE3CE0418708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6B9036
                                                                                                                                                                                                              • PyThread_release_lock.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6B9068
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6B9098
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6B8564: PyType_GetModuleState.PYTHON312 ref: 00007FFBAB6B859D
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6B8564: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FFBAB6B85B1
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6B8564: PyList_New.PYTHON312 ref: 00007FFBAB6B85C8
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6B8564: PyEval_SaveThread.PYTHON312 ref: 00007FFBAB6B8619
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6B8564: PyEval_RestoreThread.PYTHON312 ref: 00007FFBAB6B8633
                                                                                                                                                                                                              • PyEval_SaveThread.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6C4F44
                                                                                                                                                                                                              • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6C4F59
                                                                                                                                                                                                              • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFBAB6B8536), ref: 00007FFBAB6C4F62
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                                                                                              • String ID: Compressor has been flushed
                                                                                                                                                                                                              • API String ID: 3871537485-3904734015
                                                                                                                                                                                                              • Opcode ID: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                                                                                                                                                              • Instruction ID: b04d81b6bc0144425a8a2a5956302c22a49720a91c551c6783db79216bad2636
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A1130A1A09A9281EA95CB66EC44179A765FB89FC0F08E031DE6D43B74CF3CE055C740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                                                                                                                                                              • String ID: Repeated call to flush()
                                                                                                                                                                                                              • API String ID: 3871537485-194442007
                                                                                                                                                                                                              • Opcode ID: a4197e1cdbd251bead5eb9b1989463c00a4a401fc08ccf7e864d5c68d6b91325
                                                                                                                                                                                                              • Instruction ID: 2e4bacc703e3dfa519b213ee6058cbc25d828bb490e6b5c59b6da93aba517729
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4197e1cdbd251bead5eb9b1989463c00a4a401fc08ccf7e864d5c68d6b91325
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 071146A1A09A5282E6A58B3AEC44279A761FB85F80F08E031DD2D43774CF3CE055C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB188209A
                                                                                                                                                                                                              • OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820AC
                                                                                                                                                                                                              • OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820B7
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882108: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FFBB188214D
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882108: PyUnicode_FromStringAndSize.PYTHON312 ref: 00007FFBB1882173
                                                                                                                                                                                                              • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820E5
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18839DD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Size$BuildErr_FormatFromJ_nid2lnJ_nid2snJ_obj2nidJ_obj2txtStringUnicode_Value_
                                                                                                                                                                                                              • String ID: Unknown object$issN
                                                                                                                                                                                                              • API String ID: 1805764990-847857892
                                                                                                                                                                                                              • Opcode ID: ea83c61d6916d680fba78a9c4248b6588b21cf4e1124f9ab67650f529259f701
                                                                                                                                                                                                              • Instruction ID: 2a479803772d53c0e6a86e2f2e69cd1c5297ccf34bd9611480444329fff71103
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea83c61d6916d680fba78a9c4248b6588b21cf4e1124f9ab67650f529259f701
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C81139A5B28A4282EB109B3AEC0446967A6FB88FD8F444131DF4D87764DF3CE545C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643187247.00007FFBBC340000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643218174.00007FFBBC343000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643233388.00007FFBBC345000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643248571.00007FFBBC346000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                                                                                                                                                                                              • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                                                                                                                                                                                              • API String ID: 1138974572-1946099957
                                                                                                                                                                                                              • Opcode ID: e9c16aa09e3c881d18367ec0445a04b9b32befb82dfcc7304f5cc8f08080e5e1
                                                                                                                                                                                                              • Instruction ID: e698f7cc0ebe47401bde82b71a4e5fa3e26502f729072f56774499acf714ac19
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9c16aa09e3c881d18367ec0445a04b9b32befb82dfcc7304f5cc8f08080e5e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34014CE5B09B4392EA54DB3EE85897933A0AF09B94B849131CB1E87B50EE3CE054C704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,00000000,00007FFBB188ACA1), ref: 00007FFBB188ACE1
                                                                                                                                                                                                              • OBJ_nid2obj.LIBCRYPTO-3(?,?,00000000,00007FFBB188ACA1), ref: 00007FFBB188ACED
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,?,00000000,00007FFBB188ACA1), ref: 00007FFBB188AD0F
                                                                                                                                                                                                              • PyModule_GetState.PYTHON312(?,?,00000000,00007FFBB188ACA1), ref: 00007FFBB188AD1A
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB188209A
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820AC
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820B7
                                                                                                                                                                                                                • Part of subcall function 00007FFBB1882078: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFBB1882056), ref: 00007FFBB18820E5
                                                                                                                                                                                                              • ASN1_OBJECT_free.LIBCRYPTO-3(?,?,00000000,00007FFBB188ACA1), ref: 00007FFBB188AD31
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$BuildFormatJ_nid2lnJ_nid2objJ_nid2snJ_obj2nidModule_SizeStateStringT_freeValue_
                                                                                                                                                                                                              • String ID: NID must be positive.$unknown NID %i
                                                                                                                                                                                                              • API String ID: 278606715-2656559464
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                                                                                                                                                              • String ID: failed to allocate BIO
                                                                                                                                                                                                              • API String ID: 68942223-3472608418
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: From$StringUnicode_$DeallocLongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4201023408-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_$L_freeTrack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 970091570-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2831925710-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument$category
                                                                                                                                                                                                              • API String ID: 1318908108-2068800536
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentKeywordsObject_SubtypeTrueType_Unpack
                                                                                                                                                                                                              • String ID: _wrap_bio$argument 'incoming'$argument 'outgoing'
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_N_get_id$ArgumentCallInternalmemcmp
                                                                                                                                                                                                              • String ID: D:\a\1\s\Modules\_ssl.c
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Bytes_O_ctrl_pending$DeallocFromModuleO_readResizeSizeStateStringType_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X509_$Arg_M_clear_flagsM_get_flagsM_set_flagsParse_SizeX_get0_param
                                                                                                                                                                                                              • String ID: h
                                                                                                                                                                                                              • API String ID: 3791563005-2454491117
                                                                                                                                                                                                              • Opcode ID: 69d1a069e3963972350a9956799200fd3e5a311cabca318b744fc5e3767e9ee0
                                                                                                                                                                                                              • Instruction ID: ae0eb7fc83265748d75632f3ea03df62d322bc1c38b4cff9786162f4537cb980
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69d1a069e3963972350a9956799200fd3e5a311cabca318b744fc5e3767e9ee0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 281163A5B2874282FB208B7DEC4417A67A1BF84B98F144231EB5D87B98DF7CE4458718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConverterDeallocErr_FormatJ_sn2nidR_clear_errorR_peek_last_errorUnicode_X_ctrl
                                                                                                                                                                                                              • String ID: unknown elliptic curve name %R
                                                                                                                                                                                                              • API String ID: 3792718242-553976147
                                                                                                                                                                                                              • Opcode ID: b6435ebca96cfba828e7183957bdc522b51a1c2eb0a17d2ab22b5edbc9133ce6
                                                                                                                                                                                                              • Instruction ID: 154b9ea024dbf1327286c6949f7760798163404a48e91636a933f4ab30ce338f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6435ebca96cfba828e7183957bdc522b51a1c2eb0a17d2ab22b5edbc9133ce6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0113DB1A29A42C2EB509F79ED4417AA362FF85B9CF604131DB0D82A68DF7CE445C718
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                                                                                                                                                                                              • String ID: can't allocate lock
                                                                                                                                                                                                              • API String ID: 214698565-1504453919
                                                                                                                                                                                                              • Opcode ID: d727e4e94fb3263a9fa15c9c9f4f0035e00192dd02da49f6d4cfe4f81afbe1e2
                                                                                                                                                                                                              • Instruction ID: 4775681296033025ef5a5ae7e3c65219623c6802977e657917aced08ff6a034b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d727e4e94fb3263a9fa15c9c9f4f0035e00192dd02da49f6d4cfe4f81afbe1e2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB11E3F2A19B0282EB59DB39E849B3823E5EB48B55F841134CB4E86694DF7DE044C348
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X_set_msg_callback$Callable_CheckDeallocErr_String
                                                                                                                                                                                                              • String ID: not a callable object
                                                                                                                                                                                                              • API String ID: 3435843511-3332612890
                                                                                                                                                                                                              • Opcode ID: 95b28486bfa6d98789c15458943706ad0402359d0eb6b3398c33b099ea41e651
                                                                                                                                                                                                              • Instruction ID: b46ccdf4302464e465e950e2b7ad954273806caf46a28ee05bc29f2e2f9d687f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95b28486bfa6d98789c15458943706ad0402359d0eb6b3398c33b099ea41e651
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB11B9B6A38942C2EB589B79ED5433823A1FF84B9CF548131CB1D86654DF3DD455C308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _PyArg_CheckPositional.PYTHON312 ref: 00007FFBAB5636E7
                                                                                                                                                                                                              • _PyArg_BadArgument.PYTHON312 ref: 00007FFBAB56371A
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB5611B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFBAB5611E2
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB5611B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFBAB5611FA
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB5611B0: PyType_IsSubtype.PYTHON312 ref: 00007FFBAB56121D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                              • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                              • API String ID: 4101545800-1320425463
                                                                                                                                                                                                              • Opcode ID: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                              • Instruction ID: 67bedcd8c05b5a1fd9d133142f1e68957b6ada225c5d5adbcdd35929ffd305fa
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E11A0E0B1968680EB568B29E8706B92360BF04FC4F48D039DD2D0B372CE3CD584D340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                              • API String ID: 3876575403-184702317
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X509_$T_get0_T_set1_X509$T_freeT_get_typeT_new
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4176268728-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                                                                                              • String ID: Invalid filter specifier for delta filter$|OO&
                                                                                                                                                                                                              • API String ID: 3027669873-2010576982
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_Err_Parse_SizeStringX_set_num_tickets
                                                                                                                                                                                                              • String ID: SSLContext is not a server context.$failed to set num tickets.$value must be non-negative
                                                                                                                                                                                                              • API String ID: 2130650243-3995814857
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                                                                                                                                                              • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                                                                                                                                                              • API String ID: 3027669873-3728029529
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocInsertL_get1_peer_certificateL_get_peer_cert_chainList_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 710524685-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: List_$DeallocItemL_sk_numL_sk_valueX509_up_ref
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2540853196-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C0988
                                                                                                                                                                                                              • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C0999
                                                                                                                                                                                                              • PyDict_SetItem.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C09B4
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C5CBE
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAB6C086D,?,?,?,00007FFBAB6C081A,?,?,?,?,?,00007FFBAB6C07A5), ref: 00007FFBAB6C5CD7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 252187852-0
                                                                                                                                                                                                              • Opcode ID: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                                                                                                                                                              • Instruction ID: 4e3d226252ec2b24d2014b95e2a304fd5789d1b4feaf984a8ee37e3510ea6c5d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5111F71D0EA4281FA664B39DD18339A694BF47BD5F08B031DE2D427A5DF3CA8418340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643187247.00007FFBBC340000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643218174.00007FFBBC343000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643233388.00007FFBBC345000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2643248571.00007FFBBC346000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocObject_Thread_free_lockThread_release_lockTrack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 564963399-0
                                                                                                                                                                                                              • Opcode ID: 0c3cbc12a50f1ae07d0e652cfad3e436aa92468ef065314d0343909d378fa1a8
                                                                                                                                                                                                              • Instruction ID: 9a2be72d76b182f3abc5be524e6f07c275dc90f15a0d1f65a94a0011710a23d5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c3cbc12a50f1ae07d0e652cfad3e436aa92468ef065314d0343909d378fa1a8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2511E6F2908A46C2EB98DF39E44EB787360FB49B4AF945030CB0E02694CF3CE4948348
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 86175192-0
                                                                                                                                                                                                              • Opcode ID: 8196f732d86905c13300e474d0ac5391f75ecd81706f89c0c6c02e6af4e94cf8
                                                                                                                                                                                                              • Instruction ID: d40f3770df3545b3dbae469c8a1374e3c692e323b44937f995aafbfde47ac845
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8196f732d86905c13300e474d0ac5391f75ecd81706f89c0c6c02e6af4e94cf8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1911FEB2A29A0592EB598F7DDD8937823A1FF88B5DF144134CB0D86960CF7DE4A5C318
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentKeywordsObject_TrueUnpack
                                                                                                                                                                                                              • String ID: _wrap_socket$argument 'sock'
                                                                                                                                                                                                              • API String ID: 2318005752-3343203394
                                                                                                                                                                                                              • Opcode ID: 03c0cddde99a3229f31b4b230c278ac7fb814f533f87b44c54c8f0cc6a44e6f6
                                                                                                                                                                                                              • Instruction ID: 4304cdfb95cbdc28e4ab194150571d88e96069eb9ef90ffef8d1e1db31d9280f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03c0cddde99a3229f31b4b230c278ac7fb814f533f87b44c54c8f0cc6a44e6f6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7341A0A2B29A4296EB519B2AEC806697BB4FF04BD8F440032DF0C47B64DF3CE455C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PySequence_Size.PYTHON312(00000000,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0A94
                                                                                                                                                                                                              • PySequence_GetItem.PYTHON312(?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0AC7
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0B5C: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0B81
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0B5C: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0B9B
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0B5C: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0BB0
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C0B5C: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFBAB6C0AE3,?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C0BC7
                                                                                                                                                                                                              • PyErr_Format.PYTHON312(?,00000000,00007FFBAB6C0A18), ref: 00007FFBAB6C5D09
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                                                                                                                                                              • String ID: Too many filters - liblzma supports a maximum of %d
                                                                                                                                                                                                              • API String ID: 1062705235-2617632755
                                                                                                                                                                                                              • Opcode ID: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                                                                                                                                                              • Instruction ID: 7e630916f14c3c8adcad031d9e17cd5a6603ad304aca6487f1c6385272b95f49
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 963170A1B0AA5285EA669F3AEC04139E651BB46BF4F18A331DD3D477E5DE3CE4418700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$FormatOccurred
                                                                                                                                                                                                              • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                                                                                                                                                              • API String ID: 4038069558-4068623215
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                              • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                              • API String ID: 1522575347-3913127203
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                                                                                                                                                              • String ID: MemoryBIO
                                                                                                                                                                                                              • API String ID: 2980520244-1677681617
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: not a numeric character
                                                                                                                                                                                                              • API String ID: 1034370217-2058156748
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: not a decimal
                                                                                                                                                                                                              • API String ID: 3750391552-3590249192
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                              • API String ID: 3876575403-2385192657
                                                                                                                                                                                                              • Opcode ID: f2c4218ba94db24fb659ccbfd3ee4767c89f092abad47c48dbe9f437d0b50517
                                                                                                                                                                                                              • Instruction ID: 1c90b9a8cdf86df138a73b0d027c4e0b83736c282d77d78e267f1622e6c589e2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2c4218ba94db24fb659ccbfd3ee4767c89f092abad47c48dbe9f437d0b50517
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C11EFB0F1AA8281FA518B66E4602A96330EB45BC4F48C03ADE2D43776EF3CD585C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                              • API String ID: 3876575403-2474051849
                                                                                                                                                                                                              • Opcode ID: d3484de5ee44d7a33ec5e53d5364025946576caca118cb4f9bd9e3e7fb1b6d42
                                                                                                                                                                                                              • Instruction ID: e96febc97db042f3e315de8071d94cdcb72dc039119260bda03c51dd13830b5c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3484de5ee44d7a33ec5e53d5364025946576caca118cb4f9bd9e3e7fb1b6d42
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1011BFB1B1AA8285EA519F66E4712A96360EB44F84F48C43ADE2D43776DF3CD196C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                              • API String ID: 3876575403-4190364640
                                                                                                                                                                                                              • Opcode ID: ab7f7404489c6aefaed3bb65c109ab607c61dcc8bacd4a48ace643e301676b9f
                                                                                                                                                                                                              • Instruction ID: 97b8314d830a82524ba691e93c4295fabcb87262453b0e6cc971c90ca25f3d21
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab7f7404489c6aefaed3bb65c109ab607c61dcc8bacd4a48ace643e301676b9f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2119071B1AA4281EA529B66E4702A96360EF45BC4F48C43ADF2D47776EF3DE145C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_L_set_L_set_msg_callbackStringSubtypeType_
                                                                                                                                                                                                              • String ID: The value must be a SSLContext
                                                                                                                                                                                                              • API String ID: 40619448-677980480
                                                                                                                                                                                                              • Opcode ID: 05587ad7c294506a30f15ef8291ccc118e8fbb3a541653ab8016d36ec2c8b0f2
                                                                                                                                                                                                              • Instruction ID: 554894c1127065012a9e96e5dfc34a82ce539ad4693f85946566191e5253ffad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05587ad7c294506a30f15ef8291ccc118e8fbb3a541653ab8016d36ec2c8b0f2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E11D7F6A29A4681EB148F3EE98422823B1FB88FE8B155131DF5D87764DE28D454C308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                              • String ID: a unicode character$argument$combining
                                                                                                                                                                                                              • API String ID: 3979797681-4202047184
                                                                                                                                                                                                              • Opcode ID: f57a56bca3f03315399802cbb188705c8f0221a3905f8c719d86b24713be5e96
                                                                                                                                                                                                              • Instruction ID: ee49c06a28b788c232e528d66af30b3522087dc1c19c70fde92beaaef083e19b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f57a56bca3f03315399802cbb188705c8f0221a3905f8c719d86b24713be5e96
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6201B5E0F2AA4282EA268B75E8701B96290BF09744F48953DDD2D43272DF3CD5848300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                              • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                              • API String ID: 3979797681-4001128513
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_FormatFromModuleO_newO_s_memStateStringType_Unicode_X509_get_subject_name
                                                                                                                                                                                                              • String ID: <%s '%U'>
                                                                                                                                                                                                              • API String ID: 652521511-3496504151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                              • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                              • API String ID: 3673501854-3989975041
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbc3130000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                                                                                                                                                              • String ID: close$error
                                                                                                                                                                                                              • API String ID: 4029360594-371397155
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CertStore$CloseOpen$Collection
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1995843185-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbc3130000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocModule_State
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1903735390-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Module_State
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3434497292-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Err_L_get1_sessionL_get_sessionN_freeStringTrack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3192219654-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocObject_$N_freeTrack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1683932209-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ModulePositionalType_
                                                                                                                                                                                                              • String ID: SimpleQueue
                                                                                                                                                                                                              • API String ID: 3219513047-3395603730
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyUnicode_InternFromString.PYTHON312(?,?,00000000,00007FFBB188A55E), ref: 00007FFBB188AF0F
                                                                                                                                                                                                              • PyUnicode_InternFromString.PYTHON312(?,?,00000000,00007FFBB188A55E), ref: 00007FFBB188AF34
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FromInternStringUnicode_
                                                                                                                                                                                                              • String ID: pkcs_7_asn$x509_asn
                                                                                                                                                                                                              • API String ID: 3337471625-3375957347
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                                                                                                                                                              • String ID: read
                                                                                                                                                                                                              • API String ID: 3612027452-2555855207
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFBAB561EBC), ref: 00007FFBAB563C1F
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB561FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBAB561FE8
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB561FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBAB562006
                                                                                                                                                                                                              • PyErr_Format.PYTHON312 ref: 00007FFBAB561F33
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                              • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                              • API String ID: 3882229318-4056717002
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_StringX_get_verify_callbackX_set_verify
                                                                                                                                                                                                              • String ID: invalid value for verify_mode
                                                                                                                                                                                                              • API String ID: 93861573-2668209411
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DecodeErr_O_ctrlStringUnicode_
                                                                                                                                                                                                              • String ID: Not a memory BIO
                                                                                                                                                                                                              • API String ID: 3520065620-587638661
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FFBAB6C0CFC), ref: 00007FFBAB6C1E89
                                                                                                                                                                                                              • PyErr_Occurred.PYTHON312(?,?,00000006,00007FFBAB6C0CFC), ref: 00007FFBAB6C1E92
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,00000006,00007FFBAB6C0CFC), ref: 00007FFBAB6C607B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                                                                              • String ID: Value too large for uint32_t type
                                                                                                                                                                                                              • API String ID: 944333170-1712686559
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                                                                              • String ID: Value too large for lzma_match_finder type
                                                                                                                                                                                                              • API String ID: 944333170-1161044407
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                                                                                                                                                              • String ID: Value too large for lzma_mode type
                                                                                                                                                                                                              • API String ID: 944333170-1290617251
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_get_versionL_is_init_finishedstrcmp
                                                                                                                                                                                                              • String ID: unknown
                                                                                                                                                                                                              • API String ID: 1061301088-2904991687
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Bytes_Err_FromO_ctrlSize
                                                                                                                                                                                                              • String ID: Not a memory BIO
                                                                                                                                                                                                              • API String ID: 2349510700-587638661
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                              • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                              • API String ID: 1114863663-87138338
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6B83C1
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C2574: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFBAB6B83DB,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C25AB
                                                                                                                                                                                                                • Part of subcall function 00007FFBAB6C2574: PyList_New.PYTHON312(?,?,?,00007FFBAB6B83DB,?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6C25BE
                                                                                                                                                                                                              • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6B83E8
                                                                                                                                                                                                              • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6B8401
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FFBAB6B8041), ref: 00007FFBAB6B84C1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2935988267-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$ErrorFromL_get_errorL_pendingLastLongLong_R_clear_errorR_peek_last_errorRestoreSave_errno
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1598009871-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocFreeMem_Thread_free_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2783890233-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643202156.00007FFBBC341000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBBC340000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbbc340000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2643281784.00007FFBC3131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFBC3130000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbc3130000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              • Opcode ID: 7f6b854855521a5eeb54a69c346efd32b0b439a43f7217cfd0872cc224e201bb
                                                                                                                                                                                                              • Instruction ID: 5cc59a6c8cf725a04e3c4ea784c39c78859aaf1cd8e3e6ef35c0ef5085eff589
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f6b854855521a5eeb54a69c346efd32b0b439a43f7217cfd0872cc224e201bb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75112A66B14F418AEB40CF70E8546BA33A4FB59B58F880E31DA6D967A4DF7CD1588380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: P_get_type$J_nid2snL_get_current_compression
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 142675065-0
                                                                                                                                                                                                              • Opcode ID: 1642096f58ad515430221e8800d2727749fb8addc240232be0ed16fc714d6e29
                                                                                                                                                                                                              • Instruction ID: af763a1ff74f3e25409333c538e29546407683cf5ac9bc2443cf4feb2c7e9b9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1642096f58ad515430221e8800d2727749fb8addc240232be0ed16fc714d6e29
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4F0FE90F2B60281FF295B7AEC549341291BF59B49B280535CA1E4B360EE2CE445C728
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Eval_Thread$FreeMem_O_free_allObject_RestoreSaveTrackX_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3459953665-0
                                                                                                                                                                                                              • Opcode ID: f9280e76d9450405a8f2c46511b04f26c8f22781d01615a98c6f0b2d258b5b8d
                                                                                                                                                                                                              • Instruction ID: b18de5da88c07341d86887e2ac632a0d503342421b7302d2b18cc3fb0a624b7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9280e76d9450405a8f2c46511b04f26c8f22781d01615a98c6f0b2d258b5b8d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57F0DAB6A68A4681EB049F3AED841786361FB88FA9F085030DF5E46365CF3CD895C714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X509_$E_get0_objectsE_lockE_unlockL_sk_deep_copy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1564091015-0
                                                                                                                                                                                                              • Opcode ID: bbb1be58ac2ea6e21d67e0dd3fff85eecb10d42c225a6cb709290aaff57eccba
                                                                                                                                                                                                              • Instruction ID: 95853d6641f1129d1c9632a61bbe4ad84df57df35bed0dd0782f195f3850f2ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbb1be58ac2ea6e21d67e0dd3fff85eecb10d42c225a6cb709290aaff57eccba
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08F039A1A28743C1EB549B7AFD444786762BF48FECF440135DE0E83764EE2CE4888328
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                                              • String ID: ascii
                                                                                                                                                                                                              • API String ID: 2971325497-3510295289
                                                                                                                                                                                                              • Opcode ID: 066effd5417c6e0c073d80614f41f9c798c9ce676188631b94b679a5a63df2cf
                                                                                                                                                                                                              • Instruction ID: 475e94ad745cb1822db42e8037118698a5ba140b58172de1c5075f7bfce7f76e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 066effd5417c6e0c073d80614f41f9c798c9ce676188631b94b679a5a63df2cf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7111C76618B8185DB10CF26F840569B7A5FB88FC4F584136EF8D83B28DF38D5518704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                                              • String ID: ascii
                                                                                                                                                                                                              • API String ID: 2971325497-3510295289
                                                                                                                                                                                                              • Opcode ID: fbc2283bfb5b29e837c92076e2cb4af6ca3dd11bd12b056f018ec09bc3d4609f
                                                                                                                                                                                                              • Instruction ID: 1b3440025bae088e738650779ebfa7d4e282e0941b495cc9c5907fd7d0ecfaab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbc2283bfb5b29e837c92076e2cb4af6ca3dd11bd12b056f018ec09bc3d4609f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26115161A28B8581EB108B6AF844B6A63A5FB88BC8F504235EB8D47B28DF3CD4418744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
• Associated: 00000002.00000002.2642773056.00007FFBB1880000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642805804.00007FFBB188D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642828383.00007FFBB18A0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642843593.00007FFBB18A1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642859385.00007FFBB18A7000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2642874888.00007FFBB18A9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_CheckObject_PositionalTrue
                                                                                                                                                                                                              • String ID: getpeercert
                                                                                                                                                                                                              • API String ID: 341638686-200429401
                                                                                                                                                                                                              • Opcode ID: d965e4447377b3539e19047090a395a6634d7b247d4a84d8e7255c050dbde805
                                                                                                                                                                                                              • Instruction ID: 85f05dcb4573a0351498efc19538f20f77af3b59c03d4c68f84322c81dc2e352
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d965e4447377b3539e19047090a395a6634d7b247d4a84d8e7255c050dbde805
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F501B171F18A5185E7009F2AEC400296661FBC8FC8B4C6031DF1D87B58CE39E4418704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                              • String ID: no such name
                                                                                                                                                                                                              • API String ID: 3678473424-4211486178
                                                                                                                                                                                                              • Opcode ID: 3005c2e76ccdbfdbb1504f9de79cdf15a2dc4c168f6a8fbb72cf26d2d18b7585
                                                                                                                                                                                                              • Instruction ID: f79b2d7717f509d1f4bcd5aee4435f7cf31481f3542f261a3dd25e3eb4b15645
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3005c2e76ccdbfdbb1504f9de79cdf15a2dc4c168f6a8fbb72cf26d2d18b7585
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D50121B1A2AA4695FB628B35E8747B96390BF98748F489035DE5E46776FE3CE0048700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Cannot set verify_mode to CERT_NONE when check_hostname is enabled., xrefs: 00007FFBB188C5A2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String$Arg_Parse_Size
                                                                                                                                                                                                              • String ID: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.
                                                                                                                                                                                                              • API String ID: 1619524773-288992553
                                                                                                                                                                                                              • Opcode ID: c7fd3cbe9800db86c40f20b1de7fac90ca671e0d20a220d256f851d0efb4f216
                                                                                                                                                                                                              • Instruction ID: d221d2094df3faca1ccab9f6add898f57dccf4d25f6494df0dea5e6d7abf2da3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7fd3cbe9800db86c40f20b1de7fac90ca671e0d20a220d256f851d0efb4f216
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6AF036E5E2850381EF248F3EDC400B527A1BF9479CB145132DB1D46798DF3CE5848758
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_StringX_get_verify_mode
                                                                                                                                                                                                              • String ID: invalid return value from SSL_CTX_get_verify_mode
                                                                                                                                                                                                              • API String ID: 3939857436-2501269723
                                                                                                                                                                                                              • Opcode ID: 251c998c85afaa5d3350394f4007d018b28c9155b2fbf79c37e155c0d14fee10
                                                                                                                                                                                                              • Instruction ID: 0a5357b7406c9438bda97eb5114abe5239d76eac9a5cef9110e2d4f93ebadc41
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 251c998c85afaa5d3350394f4007d018b28c9155b2fbf79c37e155c0d14fee10
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DF030A2A2984681EB284B3DDC9657953A1FB88B5DF180035C71FCA6B0CD1CD8D2C308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Capsule_ImportModule_State
                                                                                                                                                                                                              • String ID: _socket.CAPI
                                                                                                                                                                                                              • API String ID: 2652237932-3774308389
                                                                                                                                                                                                              • Opcode ID: 58362c7c2bbd5d566ece41dea4d169f2d73a7b3a78cd7e43f0798399f6eb800c
                                                                                                                                                                                                              • Instruction ID: 489949c67607eb913c53e33846e59bc7b1613ef4facae2146a2ed862938b713f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58362c7c2bbd5d566ece41dea4d169f2d73a7b3a78cd7e43f0798399f6eb800c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11E0C0B1A2A50287FB65CB7CDC542342392BF48B2CB584634C61D8A390DE2DE891C314
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642788649.00007FFBB1881000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBB1880000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbb1880000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Object_StringTrue
                                                                                                                                                                                                              • String ID: cannot delete attribute
                                                                                                                                                                                                              • API String ID: 1323943456-1747274469
                                                                                                                                                                                                              • Opcode ID: 3d7ecd5450efbc1e430a5ae054280d862bf106feafa9da69c465e00e4007047e
                                                                                                                                                                                                              • Instruction ID: ddd6d88d404e945ee7c5b0b8a33d469fcf0aa465eb583fb53f9482b29c37ddb1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d7ecd5450efbc1e430a5ae054280d862bf106feafa9da69c465e00e4007047e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37E012E5A28503C1EB18CB7EDC540782262BF447BCB105731CB2DCA2D4EF2CD5868748
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFBAB562513), ref: 00007FFBAB5625A6
                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFBAB562513), ref: 00007FFBAB5625D8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642159954.00007FFBAB561000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFBAB560000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642144793.00007FFBAB560000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB565000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB5C2000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB60E000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB612000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB617000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642175555.00007FFBAB66F000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642323942.00007FFBAB672000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642339969.00007FFBAB674000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab560000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Track
                                                                                                                                                                                                              • String ID: 3.2.0
                                                                                                                                                                                                              • API String ID: 16854473-1786766648
                                                                                                                                                                                                              • Opcode ID: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                              • Instruction ID: d58d03838c3ca01a77b114840b8bab9133756beab43ab855a963d5d67661f3f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05fdb2ae452a8d6f4b3be3f11c3efdbfda8cc49ab31c9f152460280c20d50ee3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0E0E5B4A67B0591EB268F31F87407463A4BF18744B5C8539CD6D06331EF3CE554C240
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000002.00000002.2642446490.00007FFBAB6B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBAB6B0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642431182.00007FFBAB6B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6C8000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642466250.00007FFBAB6CC000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642499855.00007FFBAB6D4000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              • Associated: 00000002.00000002.2642514410.00007FFBAB6D5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7ffbab6b0000_lcc222.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$memmove
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1283327689-0
                                                                                                                                                                                                              • Opcode ID: eee6edfa71bb2dedfcc37b73b2f55b6b239783ac4416e26ed470dd15ede7d960
                                                                                                                                                                                                              • Instruction ID: 13f56ba90f4767f780cd9cf03302679b09dc8b50f9e0e3b19c80a2332caeb8b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eee6edfa71bb2dedfcc37b73b2f55b6b239783ac4416e26ed470dd15ede7d960
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB31F67271A64583DA259F7AEC0407DF761FB55B90B189139DFAE07BA4DE3CE4428700