Windows Analysis Report
zapret.exe

Overview

General Information

Sample name: zapret.exe
Analysis ID: 1561801
MD5: b334e071601498fe209fa9553b37d7ad
SHA1: d41a57e6ac317d9f7a192ed8502b3c138b16d3e6
SHA256: 889766832b793b6971c21bde6fef741285af8b9adc16a29dbdde54ad7c450465
Tags: exe, user-Bacn

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • zapret.exe (PID: 6352 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: B334E071601498FE209FA9553B37D7AD)
    • zapret.exe (PID: 6544 cmdline: "C:\Users\user\Desktop\zapret.exe" MD5: B334E071601498FE209FA9553B37D7AD)
      • cmd.exe (PID: 5816 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 1908 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 1596 cmdline: C:\Windows\system32\cmd.exe /c "wmic baseboard get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 1136 cmdline: wmic baseboard get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 2916 cmdline: C:\Windows\system32\cmd.exe /c "wmic diskdrive get serialnumber" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 6036 cmdline: wmic diskdrive get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 1448 cmdline: C:\Windows\system32\cmd.exe /c "wmic cpu get serialnumber" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 2316 cmdline: wmic cpu get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 5040 cmdline: C:\Windows\system32\cmd.exe /c "wmic bios get serialnumber" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 6072 cmdline: wmic bios get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 2872 cmdline: C:\Windows\system32\cmd.exe /c "wmic baseboard get serialnumber" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 5296 cmdline: wmic baseboard get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://canvas.pet/kv122km3.txt, Avira URL Cloud: Label: malware
Source: zapret.exe, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 85.1% probability
Source: C:\Users\user\Desktop\zapret.exe, Code function: 1_2_61B24A20 PyCMethod_New,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,1_2_61B24A20
Source: zapret.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247065389.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245992367.00007FFE1151D000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246379107.00007FFE126C3000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: zapret.exe, 00000001.00000002.3243680136.00007FFDFB19D000.00000002.00000001.01000000.00000014.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: zapret.exe, 00000001.00000002.3244964504.00007FFE01395000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246140099.00007FFE11BBF000.00000002.00000001.01000000.0000000D.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: zapret.exe, 00000001.00000002.3244964504.00007FFE01395000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000001.00000002.3243680136.00007FFDFB19D000.00000002.00000001.01000000.00000014.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246720941.00007FFE130C3000.00000002.00000001.01000000.00000017.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: zapret.exe, 00000001.00000002.3246261092.00007FFE11BE0000.00000002.00000001.01000000.0000000B.sdmp, pywintypes39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000001.00000002.3245441452.00007FFE0E13D000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245725589.00007FFE101D8000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.1985676103.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246838449.00007FFE13305000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245992367.00007FFE1151D000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.1995556325.000002D749091000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.1985544182.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247319476.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.1987860152.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: zapret.exe, 00000001.00000002.3246261092.00007FFE11BE0000.00000002.00000001.01000000.0000000B.sdmp, pywintypes39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000001.00000002.3246506658.00007FFE126E1000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: zapret.exe, 00000001.00000002.3245612739.00007FFE0E173000.00000002.00000001.01000000.00000010.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pythoncom.pdb source: zapret.exe, 00000001.00000002.3245151739.00007FFE0142C000.00000002.00000001.01000000.0000000F.sdmp, pythoncom39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247247721.00007FFE1A4F2000.00000002.00000001.01000000.00000006.sdmp, python3.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246950415.00007FFE13339000.00000002.00000001.01000000.00000009.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.1995090704.000002D749096000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3244628260.00007FFDFFD4B000.00000002.00000001.01000000.0000001A.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: zapret.exe, 00000001.00000002.3244136179.00007FFDFB5CC000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000001.00000002.3245151739.00007FFE0142C000.00000002.00000001.01000000.0000000F.sdmp, pythoncom39.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: zapret.exe, 00000001.00000002.3245612739.00007FFE0E173000.00000002.00000001.01000000.00000010.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: C:\Users\user\Desktop\zapret.exe, Code function: 0_2_00007FF756428730 FindFirstFileExW,FindClose,0_2_00007FF756428730
Source: C:\Users\user\Desktop\zapret.exe, Code function: 1_2_00007FF756428730 FindFirstFileExW,FindClose,1_2_00007FF756428730
Source: Joe Sandbox View, IP Address: 104.26.13.205
Source: Joe Sandbox View, IP Address: 185.199.111.133
Source: unknown, DNS query: name: api.ipify.org
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\zapret.exe, Code function: 1_2_61B136D0 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,1_2_61B136D0
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: raw.githubusercontent.com
Source: zapret.exe, 00000001.00000002.3242735835.00000280E27F0000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://canvas.pet/kv122km3.txt
00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: zapret.exe, 00000001.00000002.3242773451.00000280E2860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: zapret.exe, 00000001.00000002.3241658823.00000280E1F40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
Source: zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1E87000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1E87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: zapret.exe, 00000001.00000002.3241695700.00000280E1F80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esH
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: zapret.exe, 00000001.00000002.3242202444.00000280E23DC000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/dll
Source: zapret.exe, 00000001.00000002.3242928417.00000280E2960000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timgolden.me.uk/python/wmi.html
Source: zapret.exe, 00000001.00000002.3242662672.00000280E2770000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/c)
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: zapret.exe, 00000001.00000002.3242888675.00000280E2920000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242522127.00000280E2566000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242522127.00000280E2566000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.phpFN
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: zapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E238D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
Source: zapret.exe, 00000001.00000002.3243005561.00000280E29F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1309876516099854346/NlmIv0BUlP0y3DODPLAmrEm_t2a4-__dOn_mRm2KytzcqpD
Source: zapret.exe, 00000001.00000002.3241941981.00000280E2170000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: zapret.exe, 00000001.00000003.1998232364.00000280E119B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999490910.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998416560.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999375692.00000280DF864000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998277272.00000280E1191000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998250799.00000280E1195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: zapret.exe, 00000001.00000002.3241658823.00000280E1F40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: zapret.exe, 00000000.00000003.1994772189.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mhammond/pywi
Source: zapret.exe, zapret.exe, 00000001.00000002.3246307992.00007FFE11BF1000.00000002.00000001.01000000.0000000B.sdmp, zapret.exe, 00000001.00000002.3245256763.00007FFE01474000.00000002.00000001.01000000.0000000F.sdmp, zapret.exe, 00000001.00000002.3245660485.00007FFE0E181000.00000002.00000001.01000000.00000010.sdmp, win32api.pyd.0.dr, win32trace.pyd.0.dr, win32ui.pyd.0.dr, pywintypes39.dll.0.dr, _win32sysloader.pyd.0.dr, pythoncom39.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: zapret.exe, 00000001.00000002.3242888675.00000280E2920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: zapret.exe, 00000001.00000002.3240660403.00000280E1610000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998250799.00000280E1195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: zapret.exe, 00000001.00000003.1998250799.00000280E1195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: zapret.exe, 00000001.00000003.1998232364.00000280E119B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999490910.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998416560.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999375692.00000280DF864000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998277272.00000280E1191000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998250799.00000280E1195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: zapret.exe, 00000001.00000003.1998232364.00000280E119B000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999490910.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998416560.00000280DF887000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1999375692.00000280DF864000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998277272.00000280E1191000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000003.1998250799.00000280E1195000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: zapret.exe, 00000001.00000002.3241941981.00000280E2170000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1E87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: zapret.exe, 00000001.00000002.3242699160.00000280E27B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: zapret.exe, 00000001.00000002.3242166289.00000280E22F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: zapret.exe, 00000001.00000002.3242166289.00000280E22F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290tp2
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF88F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1E87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: zapret.exe, 00000001.00000002.3240300839.00000280DF88F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: zapret.exe, 00000001.00000002.3242130851.00000280E22A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E23DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: zapret.exe, 00000001.00000002.3242166289.00000280E22F0000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242058781.00000280E2210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: zapret.exe, 00000001.00000002.3244136179.00007FFDFB5CC000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txt
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Manufacturer_List.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt20
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/CPU_Serial_List.txt
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/DiskDrive_Serial_List.txt
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/HwProfileGuid_List.txt
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt
Source: zapret.exe, 00000001.00000002.3241767433.00000280E2020000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txtP
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt
Source: zapret.exe, 00000001.00000002.3241587109.00000280E1EC0000.00000004.00001000.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3243005561.00000280E29F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_platforms.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt
Source: zapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt.
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242848512.00000280E28E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: zapret.exe, 00000001.00000002.3241658823.00000280E1F40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF88F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: zapret.exe, 00000001.00000002.3242166289.00000280E22F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: zapret.exe, 00000001.00000002.3242058781.00000280E2210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: zapret.exe, 00000001.00000002.3242058781.00000280E2210000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749097000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1995090704.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1988562772.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 
00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3243883982.00007FFDFB294000.00000002.00000001.01000000.00000014.sdmp, zapret.exe, 00000001.00000002.3245018859.00007FFE013CA000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E23DC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
Source: zapret.exe, 00000000.00000003.1996084683.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3241091004.00000280E1B20000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: zapret.exe, 00000001.00000002.3241018374.00000280E1A90000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1E87000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B136D0 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B12510: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle
Source: pyarmor_runtime.pyd.0.dr Static PE information: Number of sections : 11 > 10
Source: zapret.exe Static PE information: Number of sections : 12 > 10
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1994772189.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes39.dll0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1985676103.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs zapret.exe
Source: zapret.exe, 00000000.00000003.1994529280.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom39.dll0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1995427629.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987860152.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987903424.000002D74909C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1995556325.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1989821238.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs zapret.exe
Source: zapret.exe, 00000000.00000003.1986610630.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1985544182.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs zapret.exe
Source: zapret.exe, 00000000.00000003.1986420276.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1993576392.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython39.dll. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1995090704.000002D749096000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1992543599.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987597275.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs zapret.exe
Source: zapret.exe, 00000000.00000003.1995734505.000002D749091000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs zapret.exe
Source: zapret.exe, 00000000.00000003.1987860152.000002D74909C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs zapret.exe
Source: zapret.exeBinary or memory string: OriginalFilename vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246556435.00007FFE126ED000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3243883982.00007FFDFB294000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs zapret.exe
Source: zapret.exe, 00000001.00000002.3247111000.00007FFE148E7000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246307992.00007FFE11BF1000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamepywintypes39.dll0 vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246067683.00007FFE11526000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246882057.00007FFE13309000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs zapret.exe
Source: zapret.exe, 00000001.00000002.3245256763.00007FFE01474000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenamepythoncom39.dll0 vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246428862.00007FFE126C6000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3244554997.00007FFDFB6E7000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython39.dll. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3245018859.00007FFE013CA000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamelibsslH vs zapret.exe
Source: zapret.exe, 00000001.00000002.3247247721.00007FFE1A4F2000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3245771742.00007FFE101E0000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3245538919.00007FFE0E154000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3247366600.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246767332.00007FFE130C6000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3245660485.00007FFE0E181000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs zapret.exe
Source: zapret.exe, 00000001.00000002.3244844967.00007FFDFFD51000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246998854.00007FFE13343000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs zapret.exe
Source: zapret.exe, 00000001.00000002.3246190247.00007FFE11BC5000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs zapret.exe
Source: classification engine Classification label: mal72.evad.winEXE@33/38@2/2
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF756427FA0 FormatMessageW,WideCharToMultiByte,GetLastError, 0_2_00007FF756427FA0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2676:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4192:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3444:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7128:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2196:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6796:120:WilError_03
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522
Source: zapret.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM WIN32_PROCESSOR
Source: C:\Users\user\Desktop\zapret.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: zapret.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\zapret.exe File read: C:\Users\user\Desktop\zapret.exe
Source: unknown Process created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic baseboard get manufacturer"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get manufacturer
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic diskdrive get serialnumber"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic cpu get serialnumber"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic cpu get serialnumber
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic bios get serialnumber"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic baseboard get serialnumber"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get serialnumber
Source: C:\Users\user\Desktop\zapret.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\zapret.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\zapret.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\zapret.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: zapret.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: zapret.exe Static file information: File size 11430000 > 1048576
Source: zapret.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: zapret.exe, 00000000.00000003.1994897183.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247065389.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245992367.00007FFE1151D000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: zapret.exe, 00000000.00000003.1987761999.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246379107.00007FFE126C3000.00000002.00000001.01000000.0000001B.sdmp, _uuid.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: zapret.exe, 00000000.00000003.1987190995.000002D749091000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM OpenSSL 1.1.1l 24 Aug 2021 built on: Thu Aug 26 18:34:57 2021 UTC platform: VC-WIN64A-masm OPENSSLDIR: "C:\Program Files\Common Files\SSL" ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1" not available source: zapret.exe, 00000001.00000002.3243680136.00007FFDFB19D000.00000002.00000001.01000000.00000014.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: zapret.exe, 00000001.00000002.3244964504.00007FFE01395000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: zapret.exe, 00000000.00000003.1986224760.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246140099.00007FFE11BBF000.00000002.00000001.01000000.0000000D.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: zapret.exe, 00000001.00000002.3244964504.00007FFE01395000.00000002.00000001.01000000.00000015.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: zapret.exe, 00000000.00000003.1987039853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: zapret.exe, 00000001.00000002.3243680136.00007FFDFB19D000.00000002.00000001.01000000.00000014.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: zapret.exe, 00000000.00000003.1987328039.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246720941.00007FFE130C3000.00000002.00000001.01000000.00000017.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: zapret.exe, 00000001.00000002.3246261092.00007FFE11BE0000.00000002.00000001.01000000.0000000B.sdmp, pywintypes39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: zapret.exe, 00000001.00000002.3245441452.00007FFE0E13D000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: zapret.exe, 00000000.00000003.1986776197.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245725589.00007FFE101D8000.00000002.00000001.01000000.00000016.sdmp, _hashlib.pyd.0.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zapret.exe, 00000000.00000003.1985676103.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246838449.00007FFE13305000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: zapret.exe, 00000000.00000003.1986905970.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3245992367.00007FFE1151D000.00000002.00000001.01000000.0000000E.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32trace.pdb source: zapret.exe, 00000000.00000003.1995556325.000002D749091000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zapret.exe, 00000000.00000003.1985544182.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247319476.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\_win32sysloader.pdb source: zapret.exe, 00000000.00000003.1987860152.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: zapret.exe, 00000001.00000002.3246261092.00007FFE11BE0000.00000002.00000001.01000000.0000000B.sdmp, pywintypes39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: zapret.exe, 00000001.00000002.3246506658.00007FFE126E1000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: zapret.exe, 00000001.00000002.3245612739.00007FFE0E173000.00000002.00000001.01000000.00000010.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pythoncom.pdb source: zapret.exe, 00000001.00000002.3245151739.00007FFE0142C000.00000002.00000001.01000000.0000000F.sdmp, pythoncom39.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: zapret.exe, 00000000.00000003.1993002854.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3247247721.00007FFE1A4F2000.00000002.00000001.01000000.00000006.sdmp, python3.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: zapret.exe, 00000000.00000003.1987463853.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3246950415.00007FFE13339000.00000002.00000001.01000000.00000009.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: zapret.exe, 00000000.00000003.1985813253.000002D749091000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: zapret.exe, 00000000.00000003.1995090704.000002D749096000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3244628260.00007FFDFFD4B000.00000002.00000001.01000000.0000001A.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: zapret.exe, 00000001.00000002.3244136179.00007FFDFB5CC000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\pythoncom.pdb}},GCTL source: zapret.exe, 00000001.00000002.3245151739.00007FFE0142C000.00000002.00000001.01000000.0000000F.sdmp, pythoncom39.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: zapret.exe, 00000001.00000002.3245612739.00007FFE0E173000.00000002.00000001.01000000.00000010.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-39\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF756421720 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00007FF756421720
Source: md__mypyc.cp39-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x1e257
Source: pywintypes39.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x225f4
Source: _win32sysloader.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0xc999
Source: pyarmor_runtime.pyd.0.dr Static PE information: real checksum: 0xa0be2 should be: 0xa2c4e
Source: win32trace.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x9a53
Source: md.cp39-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x70b2
Source: win32api.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x2174b
Source: _psutil_windows.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x1f645
Source: win32ui.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x126a70
Source: pythoncom39.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xadd8b
Source: zapret.exe Static PE information: section name: /4
Source: zapret.exe Static PE information: section name: .xdata
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: mfc140u.dll.0.dr Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.0.dr Static PE information: section name: .xdata

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\zapret.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_61B12510
Source: C:\Users\user\Desktop\zapret.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_61B128C0
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\unicodedata.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_win32sysloader.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\python3.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_lzma.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_decimal.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\mfc140u.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_ssl.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\win32trace.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\python39.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\pyexpat.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_multiprocessing.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\win32ui.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\pythoncom39.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_hashlib.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\select.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_socket.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_asyncio.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_bz2.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\libssl-1_1.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_overlapped.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_ctypes.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\pywintypes39.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\win32api.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_queue.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\libffi-7.dll
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\_uuid.pyd
Source: C:\Users\user\Desktop\zapret.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63522\libcrypto-1_1.dll

Boot Survival

Source: C:\Users\user\Desktop\zapret.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_61B12510
Source: C:\Users\user\Desktop\zapret.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_61B128C0
Source: C:\Users\user\Desktop\zapret.exeCode function: 0_2_00007FF756424550 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF756424550
Source: C:\Users\user\Desktop\zapret.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\zapret.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\unicodedata.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_win32sysloader.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\python3.dll
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_lzma.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_decimal.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\mfc140u.dll
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_ssl.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\win32trace.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\python39.dll
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\pyexpat.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_multiprocessing.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\win32ui.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\pythoncom39.dll
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_hashlib.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\select.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_socket.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_asyncio.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_bz2.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_overlapped.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_ctypes.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\pywintypes39.dll
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\win32api.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_queue.pyd
Source: C:\Users\user\Desktop\zapret.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63522\_uuid.pyd
Source: C:\Users\user\Desktop\zapret.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-9895
Source: C:\Users\user\Desktop\zapret.exe API coverage: 5.0 %
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_BaseBoard
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT serialnumber FROM WIN32_PROCESSOR
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF756428730 FindFirstFileExW,FindClose,0_2_00007FF756428730
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_00007FF756428730 FindFirstFileExW,FindClose,1_2_00007FF756428730
Source: zapret.exe, 00000000.00000003.1996598442.000002D749091000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Windows\System32\wbem\WMIC.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B02C80 PyEval_GetGlobals,PyFunction_NewWithQualName,_PyObject_CallFunction_SizeT,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,GetProcAddress,strlen,IsDebuggerPresent,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_RuntimeError,PyErr_Format,PyExc_SystemExit,PyExc_SystemExit,PyExc_SystemExit,_errno,_errno,_errno,PyExc_SystemExit,_errno,_errno,_Py_Dealloc,_Py_Dealloc,1_2_61B02C80
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF756421720 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF756421720
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B12040 GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,memcpy,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersAddresses,1_2_61B12040
Source: C:\Users\user\Desktop\zapret.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\zapret.exe Code function: 0_2_00007FF756421154 GetStartupInfoW,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,0_2_00007FF756421154
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B7FDF0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,1_2_61B7FDF0
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_00007FF756421154 GetStartupInfoW,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,exit,_cexit,1_2_00007FF756421154
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Users\user\Desktop\zapret.exe "C:\Users\user\Desktop\zapret.exe"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic baseboard get manufacturer"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic diskdrive get serialnumber"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic cpu get serialnumber"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic bios get serialnumber"
Source: C:\Users\user\Desktop\zapret.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic baseboard get serialnumber"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get manufacturer
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get serialnumber
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic cpu get serialnumber
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic baseboard get serialnumber
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pywintypes39.dll VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\j191cc7_ VolumeInformation
Source: C:\Users\user\Desktop\zapret.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpczg4b3hw VolumeInformation
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pythoncom39.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\win32api.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\certifi\cacert.pem VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\_uuid.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpczg4b3hw VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpczg4b3hw\gen_py\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpczg4b3hw\gen_py\dicts.dat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exeQueries volume information: C:\Users\user\Desktop\zapret.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_61B7FD10 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter
Source: C:\Users\user\Desktop\zapret.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\zapret.exe Code function: 1_2_00007FFDFAF52B5D bind, WSAGetLastError
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 Bootkit | 11 Process Injection | 22 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 22 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Behavior Graph ID: 1561801 Sample: zapret.exe Startdate: 24/11/2024 Architecture: WINDOWS Score: 72

  • Signatures on the sample: Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; AI detected suspicious sample
  • Process: zapret.exe started
      Dropped files: C:\Users\user\AppData\Local\...\win32ui.pyd, PE32+; C:\Users\user\AppData\...\win32trace.pyd, PE32+; C:\Users\user\AppData\Local\...\win32api.pyd, PE32+; 30 other files (none is malicious)
      Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Contains functionality to infect the boot sector
  • Process: zapret.exe started (child of the above)
      DNS/IP: raw.githubusercontent.com 185.199.111.133, 443, 49744 FASTLYUS Netherlands
      DNS/IP: api.ipify.org 104.26.13.205, 443, 49743 CLOUDFLARENETUS United States
  • Processes started by the child zapret.exe: cmd.exe (three shown) and 3 other processes
  • Processes started by each cmd.exe shown: WMIC.exe and conhost.exe; the other processes started WMIC.exe (two shown) and 4 other processes
      Signature on WMIC.exe: Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| zapret.exe | 18% | ReversingLabs | Win32.Trojan.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI63522\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_asyncio.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_multiprocessing.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_overlapped.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_uuid.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\_win32sysloader.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md.cp39-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\libffi-7.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\mfc140u.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\psutil\_psutil_windows.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\pyarmor_runtime_000000\pyarmor_runtime.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\pyexpat.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\python39.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\pythoncom39.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\pywintypes39.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\win32api.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\win32trace.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63522\win32ui.pyd | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://canvas.pet/kv122km3.txt | 100% | Avira URL Cloud | malware |
http://repository.swisssign.com/dll | 0% | Avira URL Cloud | safe |
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsp | 0% | Avira URL Cloud | safe |
http://ocsp.accv.esH | 0% | Avira URL Cloud | safe |
http://www.opensource.org/licenses/mit-license.phpFN | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
raw.githubusercontent.com | 185.199.111.133 | true | false | | high
api.ipify.org | 104.26.13.205 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                        https://api.ipify.org/zapret.exe, 00000001.00000002.3243005561.00000280E29F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://crl.xrampsecurity.com/XGCA.crlzapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.python.orgzapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txtzapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://repository.swisssign.com/dllzapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.accv.es/legislacion_c.htm0Uzapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.opensource.org/licenses/mit-license.phpFNzapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242522127.00000280E2566000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://ocsp.accv.es0zapret.exe, 00000001.00000002.3242202444.00000280E2459000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://ocsp.thawte.com0zapret.exe, 00000000.00000003.1989408889.000002D749091000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_platforms.txtzapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.python.org/zapret.exe, 00000001.00000002.3241315068.00000280E1D15000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E23DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.python.org/dev/peps/pep-0205/zapret.exe, 00000000.00000003.1996084683.000002D749091000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3241091004.00000280E1B20000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://twitter.com/zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF88F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://stackoverflow.com/questions/4457745#4457745.zapret.exe, 00000001.00000002.3241658823.00000280E1F40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://www.quovadisglobal.com/cpszapret.exe, 00000001.00000002.3240935757.00000280E1990000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txtzapret.exe, 00000001.00000002.3241731720.00000280E1FE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://google.com/zapret.exe, 00000001.00000002.3241315068.00000280E1D76000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3242202444.00000280E2330000.00000004.00000020.00020000.00000000.sdmp, zapret.exe, 00000001.00000002.3240300839.00000280DF88F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://google.com/mail/zapret.exe, 00000001.00000002.3240300839.00000280DF7D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
185.199.111.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1561801
                                                                                                                                                                                                        Start date and time:2024-11-24 11:12:08 +01:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 9m 53s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:21
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:zapret.exe
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal72.evad.winEXE@33/38@2/2
                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                        • Successful, ratio: 75%
                                                                                                                                                                                                        • Number of executed functions: 47
                                                                                                                                                                                                        • Number of non-executed functions: 215
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): WMIADAP.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 40.126.53.12, 40.126.53.21, 20.190.181.1, 20.190.181.2, 20.231.128.65, 40.126.53.14, 40.126.53.18, 20.190.181.6, 20.189.173.21
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, dns.msftncsi.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • VT rate limit hit for: zapret.exe
Time | Type | Description
05:13:34 | API Interceptor | 6x Sleep call for process: WMIC.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.26.13.205 | 2b7cu0KwZl.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | RDPWrap Tool | api.ipify.org/
104.26.13.205 | Prismifyr-Install.exe | malicious | Node Stealer | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar | api.ipify.org/
104.26.13.205 | file.exe | malicious | Unknown | api.ipify.org/
104.26.13.205 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar | api.ipify.org/
185.199.111.133 | cr_asm2.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.111.133 | cr_asm_crypter.ps1 | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.111.133 | cr_asm_hiddenz.ps1 | malicious | AsyncRAT, XWorm | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
185.199.111.133 | BeginSync lnk.lnk | malicious | Unknown | raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):97168
                                                                                                                                                                                                                            Entropy (8bit):6.424686954579329
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                                                                                            MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                                                                                            SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                                                                                            SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                                                                                            SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Joe Sandbox View:
• Filename: LtzEfymDs1.exe, Detection: malicious
• Filename: UiF5hKi5o7.exe, Detection: malicious
• Filename: X4KSeQkYJT.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: main.exe, Detection: malicious
• Filename: SecuriteInfo.com.FileRepMalware.22561.28030.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: SolaraV4.exe, Detection: malicious
• Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious
• Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):37240
                                                                                                                                                                                                                            Entropy (8bit):6.3017272133584585
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:5GnvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbRuncS74G5WreKWn14gHc:rCm5yhUcwrHY/ntTxT6ovq7nt+dN
                                                                                                                                                                                                                            MD5:37C372DA4B1ADB96DC995ECB7E68E465
                                                                                                                                                                                                                            SHA1:6C1B6CB92FF76C40C77F86EA9A917A5F854397E2
                                                                                                                                                                                                                            SHA-256:1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
                                                                                                                                                                                                                            SHA-512:926F081B1678C15DC649D7E53BFBE98E4983C9AD6CCDF11C9383CA1D85F2A7353D5C52BEBF867D6E155FF897F4702FC4DA36A8F4CF76B00CB842152935E319A6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):65256
                                                                                                                                                                                                                            Entropy (8bit):5.944614703180163
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:RKMg5wTSi1avox2OuaCFWuyLCzxWqJLWexhUJq4hAw3VSGxIuYnaRiDG4yjWh8:RlT31dQOnOWuOa8q4mULxIuYnqGyjx
                                                                                                                                                                                                                            MD5:CCC47CD433F0ED282A5AA14C8513EFCA
                                                                                                                                                                                                                            SHA1:F1530E380BBE451EEC1688CABC7042A71745673F
                                                                                                                                                                                                                            SHA-256:4D6AA25D76A9739C6B6DF1D36448BD8CAF9B758FDF77311B8D57600C813B0C74
                                                                                                                                                                                                                            SHA-512:4B60614DAE8FB2F9D9542608D1F3DDFB71659E7929426D67E54F4EFF8764212988AB8BD90E77BFD35C722DBB1970BE86D87E3874E6503F07CD28643B04ACB1BE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):86760
                                                                                                                                                                                                                            Entropy (8bit):6.419600006903186
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:U7Sz7efjsrb7QMpfQKeGPHMD6p4fu718oVABfx1iE3nBZIuMVzbyjS:UeztXcUfAG/MD6pUu76oVax1iE3BZIuu
                                                                                                                                                                                                                            MD5:4FDF3BC5548F98264CCEDCA2E400E8EF
                                                                                                                                                                                                                            SHA1:9254A0A3F16A0DABC11504BBD8BD3B425702A0B6
                                                                                                                                                                                                                            SHA-256:CB2B8853CCF149B0B175769CB8ED6E2F9C2CBEC0AF3D8835C43570FD91DA1B4F
                                                                                                                                                                                                                            SHA-512:3BC15F142DA4708C9E564FDED1207F9502C5EFB93C63E9DB34CAA931EE3D628C3EEF66DC2ADB42D796F7A2E1908BBE26D917AECD151FBC241D9EFC67C8A7F63D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):126696
                                                                                                                                                                                                                            Entropy (8bit):5.925814056158047
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:ns51kM2JpMk49dWZKrcsaIopofrZVUAWwVIuBP4F:snkMoOwCc6frZBWwE
                                                                                                                                                                                                                            MD5:A1B81CE092C5A2C9AFD13B5CAE872441
                                                                                                                                                                                                                            SHA1:05B695DBB5E62ADB368D8BD142F667B2E7E9D437
                                                                                                                                                                                                                            SHA-256:EB5EBEB25888FF124ABD0DB3E08577B84538E62610107FE4E008D7C188A78210
                                                                                                                                                                                                                            SHA-512:5158E462B0AEEBF711E42363CF9CA1AC546958154257CC3063BA4575DA28C2A7C95B1527A54ADFA00D9B3C6F8832AEDD97E6C79F5CD70A47146AFB0F1AFA288A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):272104
                                                                                                                                                                                                                            Entropy (8bit):6.523584930005827
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:thn7Ki4/DOyyraBcGaWdK9iaweDmLsdmg9qWMa3pLW1A1AomNaZ:OiSOPraBxVKdyLsgiN6aZ
                                                                                                                                                                                                                            MD5:2DABDD7B03EE2D8328FAD17BC9CF9970
                                                                                                                                                                                                                            SHA1:B609D222807EEFF2DC4EA3A6AB4C36A9BF2067A4
                                                                                                                                                                                                                            SHA-256:5F8E850820050CABE5AA36838BA9ABD62A4F5D5D2AA1B337CBB795077E1D48BF
                                                                                                                                                                                                                            SHA-512:4D89F284ACD6118FD0A5081CB52DFA8F4453A7980E04B91E4592F8F05FE620729DB2BD9178B7DF61C1B0B0990096780A81F49414A551B3D9BEF6397F3342C60A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):66280
                                                                                                                                                                                                                            Entropy (8bit):6.05323789374343
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:QDyWRAgSG1MbRSoc0NK5ERnzJXkNeQWC3YcOKPte7F8dCmjDzoxIuYIh6DG4yjXE:SnuSqe4h3QV3jOqm8dCuzoxIuYIcyjU
                                                                                                                                                                                                                            MD5:CC06750AC9811E6B0EBE1482C032B0CF
                                                                                                                                                                                                                            SHA1:DB0E43E4C0082D44B9385D6D94A68ECC72FD99E7
                                                                                                                                                                                                                            SHA-256:9A1FFA72A808FDFE88DD8F9E7083B285EDF246DF07C35AC032DC45D905F58FCE
                                                                                                                                                                                                                            SHA-512:EDEDEC073F5651CDF2F0ED6A74278B0DF630871F2CCAD7D831A908A7E3EFA4E5BED96D38647706ADD29963A515C9A13051F1457AE934D5FF75129E41BB4CD8DD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):163048
                                                                                                                                                                                                                            Entropy (8bit):6.770632169631837
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:YaV4kBVeMMbwjQneCHPDLORDEUznfo9mNoRrL4rEZIuD1N2:YaV4kBVHMKQZrUDEKwYORwrEW
                                                                                                                                                                                                                            MD5:CE4A35FC25D50497E8BE0E75FF8D61B3
                                                                                                                                                                                                                            SHA1:19325E4BFE74289F062B657DF082E47AC7BC14EB
                                                                                                                                                                                                                            SHA-256:E352C77F7810EA83617ED096626AC9C3D628726DEF47551F90741D201C1F3B3D
                                                                                                                                                                                                                            SHA-512:380B2BE74D440B44C0ABAD4CFE3CDDFFBB36CA53D844DFE262B869CFF0309F0758A86D220EB8C19EEA4F18E823906C90CA2C8566E8E59E5C3E25DDC9D149CDB9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):30440
                                                                                                                                                                                                                            Entropy (8bit):6.0408765002330185
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:CWuc9Av7HQnqD0C7RqBIuAtqJDG4yji6vh2:TAv7kqD0C7RqBIuAtqLyjq
                                                                                                                                                                                                                            MD5:28FFC21F17ED65718F3B85810477EEBE
                                                                                                                                                                                                                            SHA1:4F52DD7FCC4A3DAFFA1AB97A864D19290C6B5B62
                                                                                                                                                                                                                            SHA-256:B3D17B695A00E55309F892F506EB1D6CBC781271F6B08F54D4D73D5359E7F2A5
                                                                                                                                                                                                                            SHA-512:CAB7158D03E384F196DD9AA5A6F64195C22FA6A7D72E2A6612ECEB419A0BB7865C1401F9532FA76968A190ED95382359B06D0764BE15114F690958719A2D96D5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):46312
                                                                                                                                                                                                                            Entropy (8bit):6.11608900808579
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:11zGueXyE2JbUaMwaAofoYlEFUmjYL0/T/jD1wS18NIuttcBDG4yIehI:DqljwaKjYLWT/jD6SqNIuttcDyIb
                                                                                                                                                                                                                            MD5:77F3FA03D5C49F3D21A3011CAAE70C6D
                                                                                                                                                                                                                            SHA1:C748F1CA2803C991F8C9E7E56F428F83ADD50707
                                                                                                                                                                                                                            SHA-256:7A92DB1B4F65473E44B54CC71BD2A174DB86EBB1FBE642A88E7A7E10B839A2EA
                                                                                                                                                                                                                            SHA-512:4506CE0CA68233BF8CAC1D846FEF08025DE8872FCFFC6A42C21D77B5DB8B47F9F27B62BAB8F843B151D66C035D82A82C68C4D7A143584C7B184707046460B26D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):29416
                                                                                                                                                                                                                            Entropy (8bit):6.110331688514623
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:r3ZiJO6iUi3w2SW6S6rOGvY3nhszCnqVIumUYDG4y8i2MehObb:+O6Q3z6rOGQ2hVIumUYDG4yEMehObb
                                                                                                                                                                                                                            MD5:1B1A7CB8FD95C0D9741462DE11ABD43D
                                                                                                                                                                                                                            SHA1:6EC962CFD0D9F0DC69C9C1D424FE6FEE591FE278
                                                                                                                                                                                                                            SHA-256:3C907316271B15935FF400B65D24F229FEB980A5BE9CB4AD9F79F210FF0B884C
                                                                                                                                                                                                                            SHA-512:8136EC741210CE8BE2D2BCCD013EE29D154F61F41188FAFF81C16FA8CFD143870200A757CDA7D0F5DA738409339C87D6B5C80517C8596FD5D6291DD8164A57CF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):80104
                                                                                                                                                                                                                            Entropy (8bit):6.137655136350744
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:ABCJoimjxvExWxAd9/s+++prjDmrpZMP4kVIuBw/yyO:Tai6lfAd9/sT+pDmrbWVIuBwY
                                                                                                                                                                                                                            MD5:439B4D756CDE64FBA441E640DF56DD60
                                                                                                                                                                                                                            SHA1:881DBF2366915399B3BB8BE6083F94F46EEBAAF7
                                                                                                                                                                                                                            SHA-256:ACB377FD6967B2CE819601C7D6A102D30AF570EAEE9E312E383F34AECD5DF142
                                                                                                                                                                                                                            SHA-512:EF4B78E9F6CC740696836062DFFA956EE5B9D1F0BE8D809497EA778FEA80761FC5B3BAA938756344EDC18DBAEEAE6FE660F2EE8FCC25E0D7985E55F4461E3C33
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):155368
                                                                                                                                                                                                                            Entropy (8bit):5.922247290031157
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:++WZEKFRXUxwSYQyDiyqoIpy07jhpfsEW74OH70NmHh4kwooSLteSdN1SG4ZIuM/:+oKFRXUxrZyDHKvhp2744DthN1SG4k
                                                                                                                                                                                                                            MD5:5E2EE0A0277FFE2BD854ABB898310D43
                                                                                                                                                                                                                            SHA1:774CF06C1E6F68C86BF107353E3F4E9DF0EC40DD
                                                                                                                                                                                                                            SHA-256:75AE15B70EAA1950CF259FED95ADE499D7C6DFEFFFDF4C3292C46BD24DA25902
                                                                                                                                                                                                                            SHA-512:4B593B35373D69B59DD01164E09919862AC76F0E38A97FEC458265ADD610A0DC9BCA7287462668EEA5B312C741E3C3644019DF2F31B20BC6F764C95C968792BD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23784
                                                                                                                                                                                                                            Entropy (8bit):6.09714327872791
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:ATcuByPxXyessdszCkPTZIuDwSeDG4y8m3EhKn:AwCidsBPTZIuDwnDG4yj0hm
                                                                                                                                                                                                                            MD5:C6CED76F58EB9BCC88DFEA9B4A11D974
                                                                                                                                                                                                                            SHA1:DE636F32FA2E32785B2DBBD697AE8E0BCE3C6540
                                                                                                                                                                                                                            SHA-256:E4CD5A2B7BE54E858592F451B84280397AA8D6546906BC6834170A24A3857FAE
                                                                                                                                                                                                                            SHA-512:7FC5D18ED6165713164AAA6E84377517D5F8C3129BBF65659952A5EE108BEBD4DA27B1A40053885577BC2CF478FA60CF73E0C97F5B0B2CB0FE63B5712385C80B
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                                            Entropy (8bit):5.117249630300276
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:192:s9Cm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPDRD0gcHvcqvn7ycIt/M/:s9ardA0Bzx14r6nDVUhv+k/
                                                                                                                                                                                                                            MD5:8BC46C6802867A8D753D4481B09A2BED
                                                                                                                                                                                                                            SHA1:790A2295C9152C4480FD62FF5C35EFC67B12CB01
                                                                                                                                                                                                                            SHA-256:A2B7367DCC4E91A504D3077465C2C310C91241587568D901F11C3F5DFB5F37CC
                                                                                                                                                                                                                            SHA-512:54A0E5C42C37E4FE56EA3A666F5C057DD5FD64334FDE054F6C05ADCD6B82C8E5C6C862AC15458F6879FB13E7C4C3C1E32200CC11AEDCBC60CB3DCA2DB1BF3BD2
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):800520
                                                                                                                                                                                                                            Entropy (8bit):5.485730127773109
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:1K738ONQcosQNRs54PK4ItIVwHLfVEhIESCt:1K738OCcosQNRs54PK4I7E
                                                                                                                                                                                                                            MD5:29ED38D37F51D143CE49E29460F22CB5
                                                                                                                                                                                                                            SHA1:4C0FD208B88CE7AC66497C966E8A049E5DAA383C
                                                                                                                                                                                                                            SHA-256:3377E3349F83EE34F1ACA1244951580D675BA57B886A7C71781B67E8FD2A0B70
                                                                                                                                                                                                                            SHA-512:5C4E6B75FA01E6AE3F936393C069394EA2C9CA153061DFF61B8C11B83BE1339ED73B4A2653C347580217E094B60A6A10A7C909384BC92D8B0844BA7037A79CB6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):299427
                                                                                                                                                                                                                            Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                            MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                            SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                            SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                            SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                                            Entropy (8bit):4.821372263592644
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:4bUY03K74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGktCFbCVAS0gzcX6g8H0:jIFCk2z1/t12iwU5usJFKCCgzcqgg
                                                                                                                                                                                                                            MD5:9A4FCC53264FF6F5676284AF100EA9C3
                                                                                                                                                                                                                            SHA1:B37E1B2343C5D00FAD01AD1C46E42DFF53DDA36C
                                                                                                                                                                                                                            SHA-256:CB6734585CDB520C6010F8ABCBEDB13F750D5C7622A475643E6C84FE9975BD6E
                                                                                                                                                                                                                            SHA-512:E29918A7D12B1D752C3AA960A3372519D219B6784C843611F3357C188B3F8A8B113266C1F882781CDAA465517A749AEBD6DF7AEF2585F66ADB9FF405EBAFCB32
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):122368
                                                                                                                                                                                                                            Entropy (8bit):5.90335532137174
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:bOA5wkbcEI5NJIJVlOh7lUMbCz1Prv64N6i/yqqZGduIMz:bOWOEI5NJIJLOhdbgrC4LqZGd7O
                                                                                                                                                                                                                            MD5:AC466188E4F695F371B4DDE0AD7CFAAA
                                                                                                                                                                                                                            SHA1:78AE1509556994E4A30791F585B6F65EFA89B542
                                                                                                                                                                                                                            SHA-256:937B55CCC39DE103DE597AB21D226F6395FB0C8CB9C14C9AF7DAFA0E19C191C0
                                                                                                                                                                                                                            SHA-512:8410A47A9BE5956A3FDFADB56C1A03EEBD4FDA5720C650A1F30C89DFFB87F4A4852E80D5DAD8545B452B91C7F1011DBFAB209EAE0B398C72E1C8FF0F6A421CDE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3429624
                                                                                                                                                                                                                            Entropy (8bit):6.093870626224665
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
                                                                                                                                                                                                                            MD5:63C4F445B6998E63A1414F5765C18217
                                                                                                                                                                                                                            SHA1:8C1AC1B4290B122E62F706F7434517077974F40E
                                                                                                                                                                                                                            SHA-256:664C3E52F914E351BB8A66CE2465EE0D40ACAB1D2A6B3167AE6ACF6F1D1724D2
                                                                                                                                                                                                                            SHA-512:AA7BDB3C5BC8AEEFBAD70D785F2468ACBB88EF6E6CAC175DA765647030734453A2836F9658DC7CE33F6FFF0DE85CB701C825EF5C04018D79FA1953C8EF946AFD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32792
                                                                                                                                                                                                                            Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):695032
                                                                                                                                                                                                                            Entropy (8bit):5.528361289023932
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:EwIGh2Hjnl6uk51iNXuAX7TBElV57sldbeMR29XxSNreSZYrRnU2lvzsT:Uk51iNZyMR+keSZ6U2lvzsT
                                                                                                                                                                                                                            MD5:BD857F444EBBF147A8FCD1215EFE79FC
                                                                                                                                                                                                                            SHA1:1550E0D241C27F41C63F197B1BD669591A20C15B
                                                                                                                                                                                                                            SHA-256:B7C0E42C1A60A2A062B899C8D4EBD0C50EF956177BA21785CE07C517C143AEAF
                                                                                                                                                                                                                            SHA-512:2B85C1521EDEADF7E118610D6546FAFBBAD43C288A7F0F9D38D97C4423A541DFAC686634CDE956812916830FBB4AAD8351A23D95CD490C4A5C0F628244D30F0A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):5653536
                                                                                                                                                                                                                            Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                            MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                            SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                            SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                            SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):67072
                                                                                                                                                                                                                            Entropy (8bit):5.909456553599775
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                                                            MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                                                            SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                                                            SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                                                            SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):631808
                                                                                                                                                                                                                            Entropy (8bit):6.203024185938932
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:NETuzveZY/QvWctjdcg7fUoPoJzpjlnE5JB:3Bctjdcg7fUoPoJzpjlno
                                                                                                                                                                                                                            MD5:F8F3F69364A8CF5051B7F78C149A537A
                                                                                                                                                                                                                            SHA1:A30C377783DFB986C358C10A98E6FB3220722248
                                                                                                                                                                                                                            SHA-256:5DF342E2C54FB7BDAEA4C5149C5B2BC48CD0414E9BFD5C763441226DFD98C8D0
                                                                                                                                                                                                                            SHA-512:D971E5759539DE047B0D02F180736CC21BB472A375AFA6B301987C039CFB9F14720F2D31EEFE5E031FAE0E8CE728107726C9AE330534B6A16C68618939B2C255
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):203496
                                                                                                                                                                                                                            Entropy (8bit):6.333610894327134
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:aIqqphWaJAJ6rFABIbuWH9cfZsVELlsjBh+pzcCEz3aw7g0yurSn/qUspspsLQOX:ZqAoLJ6LuWH9cfZAjwpzoOEyuGnV51y
                                                                                                                                                                                                                            MD5:EA357D1BB9D07864ED9328273D903AB7
                                                                                                                                                                                                                            SHA1:68CA51AA0D6BC2F127E3D1203449AD28115C1099
                                                                                                                                                                                                                            SHA-256:395540306001F1B0EFC4CDB3A061D851CB0EA13279FC470428379C7AD04402A7
                                                                                                                                                                                                                            SHA-512:ABB990E33C205B8AA513FFBB13E2CAF8027CB69E7CA57ED4DCEF011E87DD6E328862E708E007684D0E5BB191ECBC34BFEB55CFB0F8FC731672FFF4FB8B02D6AE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):59624
                                                                                                                                                                                                                            Entropy (8bit):5.909609096107546
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:Hn+mYEBMcEfpzVHBlAUcfc0la6Wc6kH/ZFJ1Yu+wNBECaOMyCgUhkb0E/G/mVIud:H+mYEBMofwkamVIuB0+y2
                                                                                                                                                                                                                            MD5:3FB3CD7E895336780FD3D3500A7DE39E
                                                                                                                                                                                                                            SHA1:B6728622BC41C521EFDC7C0FDE42BD52F71B9B83
                                                                                                                                                                                                                            SHA-256:D12F5E0E31DDDAD0128BE834C5F7D67AC8C3B776ACD9738032555E6E7CB6C31A
                                                                                                                                                                                                                            SHA-512:6C93F6BC18BE0BE0AFF355BC61ADA05645D0B86AE3340A2860999BA8758F8FFF8197087AB765BEC0BC93DC4004F85972FD316EC57AC93C8B760DA39E38ACAB3D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4490472
                                                                                                                                                                                                                            Entropy (8bit):6.440019477857707
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:RvVhdnYR7v/ZWQqC/KVBCNE4LWKFj7X6YMpYwgzxsDnfu3pbSLIlTrr4z9IE3uju:/2v/ZWrVVYRKyIFCDHuoPHVM2bwYJk
                                                                                                                                                                                                                            MD5:789B4ECBCE732A7E8479E8909F097D16
                                                                                                                                                                                                                            SHA1:A79C2E1CA0AD675A48F3BBA0FBDEFF1B888F0E74
                                                                                                                                                                                                                            SHA-256:8314174DACFC1C4F177BE8266C78F147621CF577A39742642A76EC27E7B87B02
                                                                                                                                                                                                                            SHA-512:B9B57FF21735C06F4B3957CDD5A3AB54602A7141F1792DE52AEA0E6FC41BE957070B958AB75B1A26A302B6FB17A02E9A187AD289A6AF0C72A5ADE43B4BF06E6D
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):669184
                                                                                                                                                                                                                            Entropy (8bit):6.040428215573804
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:BI0I51JEf1oRIdmaM1XtrxSfwrH33pdPsW:u0I5Mf1oe3MBt2wrHU
                                                                                                                                                                                                                            MD5:4BF001C604B2CACAB4B134A3A4D6F0F9
                                                                                                                                                                                                                            SHA1:6B0641946A16B58CE6348A3B42D3D701EC9EFC24
                                                                                                                                                                                                                            SHA-256:C670CD801768551CFC39245A158859AEDF6C851B88C6E07BE4A4BDDF3EA5B461
                                                                                                                                                                                                                            SHA-512:396B5C864457A81DBFB1852142E08155B7DCD2FDBD243BB4B53C50BA6C6FD5593448302F440AEA7AE96013506BFB3F146BD0CAA5F49D793FB89962DF2B8AC0D6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):134656
                                                                                                                                                                                                                            Entropy (8bit):5.99436332194088
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:+Y4fMMwcym4PH3d5Zdtt1Y/r06Yri2nowBm+Ez5BXteZRpG:+Y4fMMwcn4P3VY/rkG6pBm+EtBXteZ
                                                                                                                                                                                                                            MD5:7DFB34E72C449200495A5F5B0F7E2DC3
                                                                                                                                                                                                                            SHA1:B3ECF0F0989748B2AFDA182E11B10226BF38CDA0
                                                                                                                                                                                                                            SHA-256:555E0291ABE674F060C704A9BE49FF99102D45FC4E60361E0A8910C6AFBE4B5D
                                                                                                                                                                                                                            SHA-512:227A1A48F5397F074C6712449C4BF422077114E4607F2922507914197B1A83C0FD3A6A39D5CAA115AB4AB8C03D721B466D05206EBFA38DC239EE702E0507FCEB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):28904
                                                                                                                                                                                                                            Entropy (8bit):6.180003089893328
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:OYyAU1265whK9HqQOc+VIumGHDG4yjfhs:u86GhWKQOc+VIumGhyj6
                                                                                                                                                                                                                            MD5:DB414DEBF94ABE8D159F42F71FD4C292
                                                                                                                                                                                                                            SHA1:1B585A565D6C769A9323885D0F3AF2038FB06DFE
                                                                                                                                                                                                                            SHA-256:2A451074AFE05260FC274FBA6851F8F96CD46AD32B657D876DD55F237244B6E3
                                                                                                                                                                                                                            SHA-512:16A35BACD1511A327DD490304B48D7B2B87E906E693283950C46B3AE4DA5DB1F68D50B937F3E31329D106E92751456A9F31637495B2B8190B5F2A4A49C9146A5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1121512
                                                                                                                                                                                                                            Entropy (8bit):5.372899854994103
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:yezMmuZ63NTQCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uom7:yezucZV0m88MMREtV6Vo4uYom7
                                                                                                                                                                                                                            MD5:8A888FC01D0ED182F4C6E3DDC27665EB
                                                                                                                                                                                                                            SHA1:1C5AF90831CA65C4ECE4C0B23110AD81C28D281C
                                                                                                                                                                                                                            SHA-256:3EFD2CFB8F29E914E002A244B2072AD9ED595ABCB9179759020F3A10C9089204
                                                                                                                                                                                                                            SHA-512:E3F85F612A02681D972F26683EE69B9F454497E0C32E8D44A8CC63FA496604467A3BE3CD924FDB503D1EB6C9AF030D44C462DA0BDFFED3D83E6B42C211DDC19A
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):132608
                                                                                                                                                                                                                            Entropy (8bit):5.860675121747291
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:59QEOrC5gBVGXME3YJBlRVFhLaNzvoqQvmi2pCsbh1aZHee:vGrCuBV2ME3YLlRVgvoqQEpzbhQ
                                                                                                                                                                                                                            MD5:1C1082769ED91017DEAAF7F2D9127FF6
                                                                                                                                                                                                                            SHA1:55D4C423A9F20D845F5F674702D6F392D071540B
                                                                                                                                                                                                                            SHA-256:BD70D1BDBDE2A95035E13DF256575DB10E2E787C934154D7A0AB9FFD75E55BBB
                                                                                                                                                                                                                            SHA-512:4C2C86D540C03A11A12684324B72A28B8B45F32E99666D0C0F460AE1695121B31E94482746A7A751AC0F846DC92055E905E24617C362759BE33CF73AAAB570FD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):23552
                                                                                                                                                                                                                            Entropy (8bit):5.276575990828494
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:YhYugi3RZNuX9jXG23R+0I1FERUgg0T8DmnhWqKiPqH15yn9SUayh1B6:Y+hGwX9jj1WxiyVUzDB
                                                                                                                                                                                                                            MD5:097EAD767033DAE9A223B92BF3E78C09
                                                                                                                                                                                                                            SHA1:62716BA075E8A3DB428467339A72B02E6559DB27
                                                                                                                                                                                                                            SHA-256:61CDCA40AA8D18CDDA79F409B35880A3F8992B7A7F08787CC4762900D826C611
                                                                                                                                                                                                                            SHA-512:09A494A807EC73F04274211CA63BC5B157F1B4A95AF867D08B6478E541CEA990E2AA733C055A8F23D4D3E8437C606CFDBFD7B8663C4269B68E2D6BB11A3EF7CD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1142272
                                                                                                                                                                                                                            Entropy (8bit):6.043395573698808
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:M5YcZrhPXEMXc6rrq+w4rr20QFQbO9p0Wpvhrk+WCVe:KYcHEgrTw2CpfNd
                                                                                                                                                                                                                            MD5:73925CDB0FB73121F5B020ED18007D0E
                                                                                                                                                                                                                            SHA1:6031CD3A4E8A062C8F930067DD0FD476586CBABA
                                                                                                                                                                                                                            SHA-256:8F76EE2BE223A57D477B10CC4109FA4D29A2B724D386AC3D71C237CF7B4B8520
                                                                                                                                                                                                                            SHA-512:4F714E546376FA35850056113DCB1535DDFE1454F11166DAC4AC03CAFCD5FB6E0B6AF3B68468325358D3D1EC738206105898FDAB2CF859B3E8E8DF53109D1B00
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:qn:qn
                                                                                                                                                                                                                            MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                            SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                            SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                            SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:blat
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):176
                                                                                                                                                                                                                            Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                            MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                            SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                            SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                            SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                                            Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                            MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                            SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                            SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                            SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:..K....}..
                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.99675856110463
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 74.95%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 12.51%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 12.50%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                                                                                                                                                                            File name:zapret.exe
                                                                                                                                                                                                                            File size:11'430'000 bytes
                                                                                                                                                                                                                            MD5:b334e071601498fe209fa9553b37d7ad
                                                                                                                                                                                                                            SHA1:d41a57e6ac317d9f7a192ed8502b3c138b16d3e6
                                                                                                                                                                                                                            SHA256:889766832b793b6971c21bde6fef741285af8b9adc16a29dbdde54ad7c450465
                                                                                                                                                                                                                            SHA512:bc82b5dad74d7f7b28080933a0ca1b261de6b07c3f147efb84888e1ee3b0b3638c0cb1a6d16eebf88cc21c7ce22dfd755e89f16c15d68ba12113eac971dafd85
                                                                                                                                                                                                                            SSDEEP:196608:0aMSf/XICteEroXxkV1Z2azjvj8p5drY+nwbqP0oTcMsABqhCKcAZRtu23Micx6Y:TtfInEroXGVlj87dprMogFABqhCaDu2i
                                                                                                                                                                                                                            TLSH:04B633399BA55C42C5B7603089925574A872F8B44AF0E46D476C86763FFBFA0BFB90C0
                                                                                                                                                                                                                            Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                            Entrypoint:0x1400010f6
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                            Time Stamp:0x6741DE7B [Sat Nov 23 13:54:03 2024 UTC]
                                                                                                                                                                                                                            TLS Callbacks:0x4000cca0, 0x1, 0x4000cd60, 0x1
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:6c8fb17c9f25327018f03ee70d3488b9
                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 30h
                                                                                                                                                                                                                            mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [0001F3B4h]
                                                                                                                                                                                                                            mov dword ptr [eax], 00000001h
                                                                                                                                                                                                                            call 00007F47D920CFE2h
                                                                                                                                                                                                                            mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                            mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 30h
                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 30h
                                                                                                                                                                                                                            mov dword ptr [ebp-04h], 000000FFh
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [0001F385h]
                                                                                                                                                                                                                            mov dword ptr [eax], 00000000h
                                                                                                                                                                                                                            call 00007F47D920CFB3h
                                                                                                                                                                                                                            mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                            mov eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 30h
                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 000000E0h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [ebp-08h], 00000000h
                                                                                                                                                                                                                            mov dword ptr [ebp-0Ch], 00000000h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            lea eax, dword ptr [ebp-000000C0h]
                                                                                                                                                                                                                            inc ecx
                                                                                                                                                                                                                            mov eax, 00000068h
                                                                                                                                                                                                                            mov edx, 00000000h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                                            call 00007F47D9224355h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [0001F331h]
                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                            je 00007F47D920CFB5h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            lea eax, dword ptr [ebp-000000C0h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [000334BEh]
                                                                                                                                                                                                                            call eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov dword ptr [ebp-18h], 00000000h
                                                                                                                                                                                                                            mov dword ptr [ebp-24h], 00000030h
                                                                                                                                                                                                                            mov eax, dword ptr [ebp-24h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [eax]

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x34000 | 0x15c0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0xf494 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x23000 | 0xf00 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x48000 | 0x158 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1f6a0 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x34574 | 0x4e8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x17678 | 0x17800 | 7aa898800118778b54f06093855b8601 | False | 0.4375 | data | 6.147436952423316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x19000 | 0x140 | 0x200 | 2628ed7cbd2b9f6b20a002d16e93a0b4 | False | 0.189453125 | data | 1.362668923884993 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1a000 | 0x7ef0 | 0x8000 | 341d37369c306b997320839481ee89e4 | False | 0.45489501953125 | data | 6.460416224826983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4 | 0x22000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x23000 | 0xf00 | 0x1000 | dd3fd3a938d18afdcf45ff155c048116 | False | 0.458984375 | data | 4.946446521496216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x24000 | 0xf0c | 0x1000 | 9d19454daf9d8f60d41cadbb451fa1a7 | False | 0.225830078125 | shared library | 4.245106288261709 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x25000 | 0xf000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x34000 | 0x15c0 | 0x1600 | e2fd4f9e0fe064fe925265d1bde7cb6b | False | 0.3263494318181818 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 4.457126701539523 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x36000 | 0x60 | 0x200 | e4c07de7b0e4dae31903a27211c1ff0d | False | 0.06640625 | data | 0.29046607431271465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x37000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x38000 | 0xf494 | 0xf600 | 889a9302710c2573f701afac5bc3dddc | False | 0.8035600863821138 | data | 7.555510428148082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x48000 | 0x158 | 0x200 | 31ea507f4608c73805f751144a8c13f1 | False | 0.515625 | data | 3.6807389431483037 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x38208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x390b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x39958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x39ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x433ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x45994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x46a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x46ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x46f0c | 0x586 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44554455445544555
DLL | Import
ADVAPI32.dll | ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetTokenInformation, OpenProcessToken
COMCTL32.dll | LoadIconMetric
GDI32.dll | CreateFontIndirectW, DeleteObject, SelectObject
KERNEL32.dll | CloseHandle, CreateDirectoryW, CreateProcessW, DeleteCriticalSection, EnterCriticalSection, ExpandEnvironmentStringsW, FindClose, FindFirstFileExW, FormatMessageW, FreeLibrary, GetCommandLineW, GetCurrentProcess, GetEnvironmentVariableW, GetExitCodeProcess, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoW, GetTempPathW, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LocalFree, MulDiv, MultiByteToWideChar, SetDllDirectoryW, SetEnvironmentVariableW, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, __C_specific_handler
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __argc, __iob_func, __set_app_type, __setusermatherr, __wargv, __wgetmainargs, __winitenv, _amsg_exit, _cexit, _commode, _errno, _filelengthi64, _fileno, _findclose, _fileno, _fmode, _get_osfhandle, _getpid, _initterm, _lock, _onexit, _setmode, _snwprintf, _stat64, _strdup, _unlock, _wcmdln, _wcsdup, _wcsdup, _wfindfirst64, _wfindnext64, _wfopen, _wfullpath, _wputenv_s, _wremove, _wrmdir, _wstat64, _wtempnam, abort, calloc, clearerr, exit, fclose, feof, ferror, fflush, fgetpos, fprintf, fputc, fputwc, fread, free, fwprintf, fsetpos, fwrite, iswctype, localeconv, malloc, mbstowcs, memcmp, memcpy, memset, perror, realloc, setbuf, setlocale, signal, strcat, strchr, strcmp, strcpy, strerror, strlen, strncat, strncmp, strncpy, strtok, vfprintf, wcscat, wcschr, wcscmp, wcscpy, wcslen, wcsncpy, wcstombs
USER32.dll | CreateWindowExW, DestroyIcon, DialogBoxIndirectParamW, DrawTextW, EndDialog, GetClientRect, GetDC, GetDialogBaseUnits, GetWindowLongPtrW, InvalidateRect, MessageBoxA, MessageBoxW, MoveWindow, ReleaseDC, SendMessageW, SetWindowLongPtrW, SystemParametersInfoW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 24, 2024 11:13:33.956406116 CET | 58056 | 53 | 192.168.2.4 | 1.1.1.1
Nov 24, 2024 11:13:34.093607903 CET | 53 | 58056 | 1.1.1.1 | 192.168.2.4
Nov 24, 2024 11:13:41.299812078 CET | 52017 | 53 | 192.168.2.4 | 1.1.1.1
Nov 24, 2024 11:13:41.437722921 CET | 53 | 52017 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 24, 2024 11:13:33.956406116 CET | 192.168.2.4 | 1.1.1.1 | 0x25d9 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:41.299812078 CET | 192.168.2.4 | 1.1.1.1 | 0x8ace | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 24, 2024 11:12:57.843909979 CET | 1.1.1.1 | 192.168.2.4 | 0x6b3d | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:12:57.843909979 CET | 1.1.1.1 | 192.168.2.4 | 0x6b3d | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:12:59.205233097 CET | 1.1.1.1 | 192.168.2.4 | 0xe6af | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 24, 2024 11:12:59.205233097 CET | 1.1.1.1 | 192.168.2.4 | 0xe6af | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:34.093607903 CET | 1.1.1.1 | 192.168.2.4 | 0x25d9 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:34.093607903 CET | 1.1.1.1 | 192.168.2.4 | 0x25d9 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:34.093607903 CET | 1.1.1.1 | 192.168.2.4 | 0x25d9 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:41.437722921 CET | 1.1.1.1 | 192.168.2.4 | 0x8ace | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:41.437722921 CET | 1.1.1.1 | 192.168.2.4 | 0x8ace | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:41.437722921 CET | 1.1.1.1 | 192.168.2.4 | 0x8ace | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Nov 24, 2024 11:13:41.437722921 CET | 1.1.1.1 | 192.168.2.4 | 0x8ace | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:05:13:30
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\zapret.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff756420000
                                                                                                                                                                                                                            File size:11'430'000 bytes
                                                                                                                                                                                                                            MD5 hash:B334E071601498FE209FA9553B37D7AD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                            Start time:05:13:31
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\zapret.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\zapret.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff756420000
                                                                                                                                                                                                                            File size:11'430'000 bytes
                                                                                                                                                                                                                            MD5 hash:B334E071601498FE209FA9553B37D7AD
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:05:13:34
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                                                                                                                            Imagebase:0x7ff761150000
                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                            Start time:05:13:34
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:05:13:34
Start date:24/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get uuid
Imagebase:0x7ff773b40000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:05:13:34
Start date:24/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic baseboard get manufacturer"
Imagebase:0x7ff761150000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:05:13:34
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:05:13:35
Start date:24/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic baseboard get manufacturer
Imagebase:0x7ff773b40000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c "wmic diskdrive get serialnumber"
Imagebase:0x800000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic diskdrive get serialnumber
Imagebase:0x7ff773b40000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic cpu get serialnumber"
Imagebase:0x7ff761150000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:05:13:36
Start date:24/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic cpu get serialnumber
Imagebase:0x7ff773b40000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                                            Start time:05:13:38
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic bios get serialnumber"
                                                                                                                                                                                                                            Imagebase:0x7ff761150000
                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                            Start time:05:13:38
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                            Start time:05:13:38
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:wmic bios get serialnumber
                                                                                                                                                                                                                            Imagebase:0x7ff773b40000
                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                            Start time:05:13:39
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic baseboard get serialnumber"
                                                                                                                                                                                                                            Imagebase:0x7ff761150000
                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                            Start time:05:13:39
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                            Start time:05:13:39
                                                                                                                                                                                                                            Start date:24/11/2024
                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:wmic baseboard get serialnumber
                                                                                                                                                                                                                            Imagebase:0x7ff773b40000
                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:5.7%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:17.8%
                                                                                                                                                                                                                              Total number of Nodes:1136
                                                                                                                                                                                                                              Total number of Limit Nodes:24
9455 7ff756426b71 GetProcAddress 9451->9455 9452->9488 9453->9488 9456 7ff756422ef0 10 API calls 9454->9456 9457 7ff756426b8d GetProcAddress 9455->9457 9458 7ff756426e70 9455->9458 9456->9488 9460 7ff756426ba9 GetProcAddress 9457->9460 9461 7ff756426ed0 9457->9461 9459 7ff756422ef0 10 API calls 9458->9459 9459->9488 9462 7ff756426eb8 9460->9462 9463 7ff756426bc5 GetProcAddress 9460->9463 9464 7ff756422ef0 10 API calls 9461->9464 9467 7ff756422ef0 10 API calls 9462->9467 9465 7ff756426ea0 9463->9465 9466 7ff756426be1 GetProcAddress 9463->9466 9464->9488 9470 7ff756422ef0 10 API calls 9465->9470 9468 7ff756426ee8 9466->9468 9469 7ff756426bfd GetProcAddress 9466->9469 9467->9488 9473 7ff756422ef0 10 API calls 9468->9473 9471 7ff756426f48 9469->9471 9472 7ff756426c19 GetProcAddress 9469->9472 9470->9488 9474 7ff756422ef0 10 API calls 9471->9474 9475 7ff756426f30 9472->9475 9476 7ff756426c35 GetProcAddress 9472->9476 9473->9488 9474->9488 9479 7ff756422ef0 10 API calls 9475->9479 9477 7ff756426f18 9476->9477 9478 7ff756426c51 GetProcAddress 9476->9478 9482 7ff756422ef0 10 API calls 9477->9482 9480 7ff756426c6d GetProcAddress 9478->9480 9481 7ff756426f00 9478->9481 9479->9488 9483 7ff756426c89 GetProcAddress 9480->9483 9484 7ff756426f60 9480->9484 9485 7ff756422ef0 10 API calls 9481->9485 9482->9488 9487 7ff756426f78 9483->9487 9483->9488 9486 7ff756422ef0 10 API calls 9484->9486 9485->9488 9486->9488 9489 7ff756422ef0 10 API calls 9487->9489 9488->9161 9489->9488 9491 7ff7564275c6 9490->9491 9492 7ff756428360 10 API calls 9491->9492 9493 7ff7564275f2 9492->9493 9494 7ff7564275fd wcslen 9493->9494 9495 7ff75642761c wcscat 9494->9495 9496 7ff756427616 9494->9496 10321 7ff75642edf0 9495->10321 9496->9495 9497 7ff756427670 wcscat 9496->9497 9497->9495 9500 7ff756427647 _wrmdir 9500->9199 9503 7ff7564276ae 9504 7ff7564276de _findclose 9503->9504 9505 7ff7564276f0 25 API calls 9503->9505 10341 7ff75642eed0 9503->10341 9504->9500 9505->9503 9508 7ff756426593 9506->9508 9507 
7ff7564265e3 9507->9161 9508->9507 9509 7ff756422e10 10 API calls 9508->9509 9510 7ff756426640 9509->9510 9511 7ff756426450 FreeLibrary 9510->9511 9511->9507 9513 7ff7564281f0 WideCharToMultiByte 9512->9513 9514 7ff7564281a3 9512->9514 9515 7ff756428237 calloc 9513->9515 9516 7ff756428290 9513->9516 9517 7ff7564281ad WideCharToMultiByte 9514->9517 9515->9517 9520 7ff756428251 9515->9520 9521 7ff756422ef0 10 API calls 9516->9521 9518 7ff7564281e2 9517->9518 9519 7ff756428270 9517->9519 9518->9206 9523 7ff756422ef0 10 API calls 9519->9523 9524 7ff756422ef0 GetLastError 9520->9524 9521->9518 9523->9518 9533 7ff75642f460 9524->9533 9528 7ff756422f4a 9550 7ff756422d20 9528->9550 9532 7ff756422f80 9532->9518 9534 7ff75642f4ab 9533->9534 9535 7ff75642f482 9533->9535 9536 7ff7564315d5 fputc 9534->9536 9561 7ff7564315d5 9535->9561 9538 7ff756422f3e 9536->9538 9539 7ff756427fa0 9538->9539 9540 7ff756427fac 9539->9540 9541 7ff756428068 GetLastError 9540->9541 9542 7ff756427fba FormatMessageW 9540->9542 9541->9542 9543 7ff756427fec WideCharToMultiByte 9542->9543 9544 7ff756428040 9542->9544 9545 7ff756428080 9543->9545 9546 7ff756428031 9543->9546 9547 7ff756422ef0 7 API calls 9544->9547 9548 7ff756422ef0 7 API calls 9545->9548 9546->9528 9549 7ff756428053 9547->9549 9548->9546 9549->9528 9551 7ff75642f460 fputc 9550->9551 9552 7ff756422d44 9551->9552 9553 7ff756422d50 9552->9553 9554 7ff756422d5e 9553->9554 9555 7ff756428360 8 API calls 9554->9555 9556 7ff756422daa 9555->9556 9557 7ff756422df0 MessageBoxA 9556->9557 9558 7ff756422daf 9556->9558 9557->9532 9559 7ff756428360 8 API calls 9558->9559 9560 7ff756422dc8 MessageBoxW 9559->9560 9560->9532 9564 7ff7564315f4 9561->9564 9562 7ff756431fb5 9562->9538 9563 7ff75642f610 fputc 9563->9564 9564->9562 9564->9563 9566 7ff75642f460 fputc 9565->9566 9567 7ff756422fd7 _errno 9566->9567 9568 7ff756422fe4 9567->9568 9569 7ff756422d20 fputc 9568->9569 9570 7ff756423005 9569->9570 9571 7ff756422d50 10 API calls 9570->9571 9572 
7ff75642301a 9571->9572 9572->9212 9574 7ff75642443c GetModuleFileNameW 9573->9574 9574->9218 9574->9219 9576 7ff75642f460 fputc 9575->9576 9577 7ff756422e52 9576->9577 9578 7ff756422d50 10 API calls 9577->9578 9579 7ff756422e67 9578->9579 9579->9223 9581 7ff75642f460 fputc 9580->9581 9582 7ff756421be4 9581->9582 9582->9240 9582->9241 9584 7ff75642418c 9583->9584 9620 7ff756424150 9584->9620 9587 7ff756422264 strcpy 9591 7ff756421fc0 9587->9591 9590 7ff756424150 fputc 9590->9587 9592 7ff756422160 9591->9592 9593 7ff756421fd6 9591->9593 9595 7ff7564244f0 11 API calls 9592->9595 9594 7ff756427e80 5 API calls 9593->9594 9616 7ff75642214c 9593->9616 9596 7ff756422000 9594->9596 9595->9593 9596->9616 9644 7ff75642f2a0 9596->9644 9599 7ff756422021 fread 9602 7ff756422188 9599->9602 9603 7ff756422041 9599->9603 9600 7ff7564221c5 9601 7ff756422f90 11 API calls 9600->9601 9601->9616 9604 7ff756422f90 11 API calls 9602->9604 9605 7ff75642f2a0 2 API calls 9603->9605 9604->9616 9606 7ff75642208b malloc 9605->9606 9607 7ff7564220a7 fread 9606->9607 9608 7ff7564221da 9606->9608 9609 7ff7564221a2 9607->9609 9610 7ff7564220c1 ferror 9607->9610 9611 7ff756422f90 11 API calls 9608->9611 9614 7ff756422f90 11 API calls 9609->9614 9612 7ff7564221b7 9610->9612 9613 7ff7564220df 9610->9613 9611->9616 9615 7ff756422e10 10 API calls 9612->9615 9618 7ff756422e10 10 API calls 9613->9618 9619 7ff756422133 9613->9619 9614->9616 9615->9616 9616->9240 9616->9247 9617 7ff756422140 fclose 9617->9616 9618->9613 9619->9616 9619->9617 9621 7ff75642f460 fputc 9620->9621 9622 7ff756424174 9621->9622 9622->9587 9623 7ff75642e5c0 9622->9623 9624 7ff75642e5e4 9623->9624 9625 7ff75642e5ff setlocale 9624->9625 9626 7ff75642e5ef _strdup 9624->9626 9627 7ff75642e61e 9625->9627 9628 7ff75642ea4b wcstombs realloc wcstombs setlocale free 9625->9628 9626->9625 9627->9628 9629 7ff75642e62d mbstowcs 9627->9629 9630 7ff7564241c2 9628->9630 9631 7ff75642e210 9629->9631 9630->9590 9632 7ff75642e686 mbstowcs 9631->9632 
9633 7ff75642e73b 9632->9633 9634 7ff75642e6d4 9632->9634 9635 7ff75642ea41 9633->9635 9637 7ff75642e76b 9633->9637 9634->9633 9636 7ff75642e715 setlocale free 9634->9636 9635->9628 9636->9630 9638 7ff75642e7ea wcstombs realloc wcstombs 9637->9638 9641 7ff75642e7ef wcstombs 9637->9641 9640 7ff75642ea1e setlocale free 9638->9640 9640->9630 9641->9640 9643 7ff75642e975 9641->9643 9643->9640 9647 7ff75642f2e0 9644->9647 9648 7ff75642f326 9647->9648 9649 7ff75642f2fa 9647->9649 9648->9649 9650 7ff75642f368 _errno 9648->9650 9651 7ff75642f37a fsetpos 9649->9651 9652 7ff756422019 9649->9652 9650->9652 9651->9652 9652->9599 9652->9600 9656 7ff75642f3b0 fgetpos 9653->9656 9657 7ff75642f3a8 9656->9657 9657->9260 9659 7ff756421c10 9658->9659 9660 7ff756421c04 9658->9660 9661 7ff756422e10 10 API calls 9659->9661 9660->9264 9662 7ff756421c1c 9661->9662 9662->9264 9664 7ff756424150 fputc 9663->9664 9665 7ff756424241 9664->9665 9666 7ff7564242b8 9665->9666 9667 7ff756424264 strlen 9665->9667 9666->9281 9667->9666 9668 7ff756424279 9667->9668 9669 7ff756424289 strncat 9668->9669 9670 7ff7564242a0 9668->9670 9671 7ff75642428e 9669->9671 9672 7ff7564242a5 strlen 9670->9672 9671->9281 9672->9671 9674 7ff756421c4e 9673->9674 9675 7ff756421d30 9673->9675 9676 7ff75642f2a0 2 API calls 9674->9676 9677 7ff7564244f0 11 API calls 9675->9677 9678 7ff756421c5e 9676->9678 9679 7ff756421d40 9677->9679 9680 7ff756421d78 9678->9680 9681 7ff756421c66 malloc 9678->9681 9679->9674 9682 7ff756421d50 9679->9682 9686 7ff756422f90 11 API calls 9680->9686 9683 7ff756421c7f 9681->9683 9684 7ff756421d92 9681->9684 9685 7ff756422e10 10 API calls 9682->9685 9689 7ff756421c8b 9683->9689 9690 7ff756421d10 9683->9690 9688 7ff756422f90 11 API calls 9684->9688 9687 7ff756421d61 9685->9687 9686->9687 9687->9280 9693 7ff756421c93 9688->9693 9692 7ff756421ca0 fread 9689->9692 9689->9693 9700 7ff756421850 9690->9700 9692->9689 9695 7ff756421cc6 9692->9695 9696 7ff756421cff 9693->9696 9697 7ff756421cf2 fclose 
9693->9697 9694 7ff756421d21 9694->9693 9699 7ff756421cde free 9694->9699 9698 7ff756422f90 11 API calls 9695->9698 9696->9280 9697->9696 9698->9699 9699->9693 9721 7ff756428c60 9700->9721 9702 7ff7564218b9 9703 7ff756421b3b 9702->9703 9704 7ff7564218c3 malloc 9702->9704 9707 7ff756422e10 10 API calls 9703->9707 9705 7ff756421b92 9704->9705 9706 7ff7564218d9 malloc 9704->9706 9708 7ff756422f90 11 API calls 9705->9708 9709 7ff756421b7b 9706->9709 9710 7ff7564218ef 9706->9710 9716 7ff75642192b 9707->9716 9708->9705 9711 7ff756422f90 11 API calls 9709->9711 9712 7ff7564218f3 fread 9710->9712 9711->9705 9713 7ff75642191b ferror 9712->9713 9714 7ff756421a35 9712->9714 9713->9714 9713->9716 9715 7ff756421a42 free free 9714->9715 9715->9694 9716->9712 9716->9714 9717 7ff756421a04 9716->9717 9718 7ff756421992 fwrite 9716->9718 9717->9714 9720 7ff756422e10 10 API calls 9717->9720 9718->9717 9719 7ff7564219ba ferror 9718->9719 9719->9716 9719->9717 9720->9714 9722 7ff756428b70 9721->9722 9723 7ff756428bbe malloc 9722->9723 9724 7ff756428bd3 9722->9724 9723->9724 9724->9702 9818 7ff756427550 9725->9818 9728 7ff756421eef 9728->9298 9730 7ff756421df3 9731 7ff756421f78 9730->9731 9732 7ff756421dff 9730->9732 9734 7ff756422f90 11 API calls 9731->9734 9733 7ff756421e0b 9732->9733 9736 7ff7564244f0 11 API calls 9732->9736 9735 7ff75642f2a0 2 API calls 9733->9735 9734->9728 9737 7ff756421e19 9735->9737 9738 7ff756421f10 9736->9738 9739 7ff756421f60 9737->9739 9740 7ff756421e21 9737->9740 9738->9733 9741 7ff756421f1f 9738->9741 9742 7ff756422f90 11 API calls 9739->9742 9743 7ff756421e2b malloc 9740->9743 9744 7ff756421ec0 9740->9744 9745 7ff756422e10 10 API calls 9741->9745 9749 7ff756421ed1 9742->9749 9747 7ff756421f98 9743->9747 9748 7ff756421e41 9743->9748 9746 7ff756421850 20 API calls 9744->9746 9745->9749 9746->9749 9750 7ff756422f90 11 API calls 9747->9750 9751 7ff756421e76 fread 9748->9751 9761 7ff756421e49 free 9748->9761 9752 7ff756421ee7 fclose 9749->9752 9753 7ff756421edb 
fclose 9749->9753 9754 7ff756421fae 9750->9754 9755 7ff756421e9b 9751->9755 9756 7ff756421e50 fwrite 9751->9756 9752->9728 9753->9752 9754->9749 9758 7ff756422f90 11 API calls 9755->9758 9756->9748 9757 7ff756421f40 9756->9757 9760 7ff756422f90 11 API calls 9757->9760 9758->9761 9760->9761 9761->9749 9763 7ff756423306 9762->9763 9959 7ff756423280 9763->9959 9766 7ff7564233a7 9770 7ff756422e10 10 API calls 9766->9770 9782 7ff7564233b0 9766->9782 9767 7ff756424180 18 API calls 9768 7ff75642335c 9767->9768 9964 7ff756423220 9768->9964 9770->9766 9772 7ff756423384 9773 7ff756427550 58 API calls 9772->9773 9776 7ff75642338c 9773->9776 9774 7ff756423220 6 API calls 9775 7ff756423405 9774->9775 9775->9772 9777 7ff75642340d 9775->9777 9776->9766 9969 7ff756427960 9776->9969 9778 7ff756423220 6 API calls 9777->9778 9780 7ff75642342f 9778->9780 9781 7ff756423437 9780->9781 9784 7ff756423220 6 API calls 9780->9784 9783 7ff756427550 58 API calls 9781->9783 9786 7ff75642351c 9781->9786 9782->9298 9791 7ff756423440 9783->9791 9785 7ff7564234f2 9784->9785 9785->9781 9789 7ff756423220 6 API calls 9785->9789 9787 7ff756422e10 10 API calls 9786->9787 9787->9766 9788 7ff756423528 9792 7ff7564222f0 12 API calls 9788->9792 9789->9781 9790 7ff756423475 strcmp 9790->9791 9796 7ff756423485 9790->9796 9791->9786 9791->9788 9791->9790 9793 7ff756423535 9792->9793 9793->9786 9989 7ff7564231f0 9793->9989 9794 7ff756423498 strcmp 9794->9796 9796->9782 9796->9794 9797 7ff756421dc0 87 API calls 9796->9797 9799 7ff756421bf0 10 API calls 9796->9799 9802 7ff75642363e 9796->9802 9797->9796 9799->9796 9800 7ff7564235d4 9801 7ff756422e10 10 API calls 9800->9801 9805 7ff7564235ec 9801->9805 9804 7ff756422e10 10 API calls 9802->9804 9803 7ff7564231f0 fputc 9806 7ff756423587 9803->9806 9807 7ff75642364d 9804->9807 9808 7ff756422330 2 API calls 9805->9808 9806->9800 9810 7ff7564231f0 fputc 9806->9810 9809 7ff756422330 2 API calls 9807->9809 9808->9786 9809->9766 9811 7ff7564235b1 9810->9811 9811->9800 
9812 7ff756421fc0 22 API calls 9811->9812 9813 7ff7564235d0 9812->9813 9813->9800 9814 7ff75642361e 9813->9814 9815 7ff756422f90 11 API calls 9814->9815 9816 7ff756423634 9815->9816 9817 7ff756422330 2 API calls 9816->9817 9817->9786 9819 7ff756427570 9818->9819 9825 7ff756421dd7 9818->9825 9849 7ff756422370 strlen 9819->9849 9824 7ff756422e10 10 API calls 9824->9825 9825->9728 9826 7ff7564277d0 9825->9826 9827 7ff7564277e2 9826->9827 9938 7ff756426fc0 9827->9938 9830 7ff7564278e0 9830->9730 9831 7ff756426fc0 fputc 9832 7ff75642782e 9831->9832 9832->9830 9833 7ff756427839 strlen 9832->9833 9834 7ff756427856 9833->9834 9835 7ff7564278f8 9834->9835 9837 7ff756427870 strlen 9834->9837 9841 7ff756428360 10 API calls 9834->9841 9848 7ff756428590 13 API calls 9834->9848 9941 7ff75642f19b 9834->9941 9836 7ff756428360 10 API calls 9835->9836 9838 7ff756427911 9836->9838 9837->9830 9839 7ff756427886 strlen strcpy strtok 9837->9839 9840 7ff75642f19b 5 API calls 9838->9840 9839->9834 9839->9835 9842 7ff75642791e 9840->9842 9841->9834 9843 7ff756427922 9842->9843 9948 7ff756422e80 9842->9948 9846 7ff7564244f0 11 API calls 9843->9846 9847 7ff756427931 9846->9847 9847->9730 9848->9834 9851 7ff7564223a0 9849->9851 9850 7ff7564223cb 9853 7ff756427390 9850->9853 9851->9850 9852 7ff756422e10 10 API calls 9851->9852 9852->9851 9854 7ff7564273a6 9853->9854 9855 7ff7564273f9 GetTempPathW _getpid 9854->9855 9856 7ff7564273b4 9854->9856 9889 7ff756426f90 9855->9889 9857 7ff756427100 15 API calls 9856->9857 9859 7ff7564273c0 9857->9859 9906 7ff756427230 9859->9906 9862 7ff756427439 _wtempnam 9892 7ff756428590 9862->9892 9864 7ff7564273cb 9866 7ff7564273d7 _wputenv_s free 9864->9866 9867 7ff756427483 9864->9867 9866->9855 9870 7ff7564274a0 9866->9870 9867->9824 9867->9825 9868 7ff7564274b0 9873 7ff756428190 13 API calls 9868->9873 9869 7ff756427451 free 9869->9862 9871 7ff75642745e 9869->9871 9872 7ff756422e10 10 API calls 9870->9872 9871->9867 9877 7ff7564274f8 9871->9877 9878 
7ff75642746c 9871->9878 9874 7ff7564274ac 9872->9874 9875 7ff7564274c1 free 9873->9875 9874->9867 9875->9874 9876 7ff7564274ce 9875->9876 9879 7ff756427524 9876->9879 9880 7ff7564274d3 9876->9880 9881 7ff756428360 10 API calls 9877->9881 9882 7ff756427190 13 API calls 9878->9882 9886 7ff756428360 10 API calls 9879->9886 9883 7ff756427190 13 API calls 9880->9883 9884 7ff756427509 SetEnvironmentVariableW free 9881->9884 9885 7ff75642747b free 9882->9885 9887 7ff7564274e2 free 9883->9887 9884->9867 9885->9867 9888 7ff756427535 SetEnvironmentVariableW free 9886->9888 9887->9874 9888->9874 9926 7ff75642f500 9889->9926 9893 7ff75642e210 9892->9893 9894 7ff7564285a2 GetCurrentProcess OpenProcessToken 9893->9894 9895 7ff756428690 GetTokenInformation 9894->9895 9896 7ff7564285e6 9894->9896 9898 7ff7564286b7 GetLastError 9895->9898 9899 7ff7564286c6 calloc 9895->9899 9897 7ff7564285ed free 9896->9897 9900 7ff756428600 CloseHandle 9897->9900 9901 7ff756428606 _snwprintf LocalFree ConvertStringSecurityDescriptorToSecurityDescriptorW 9897->9901 9898->9896 9898->9899 9899->9896 9902 7ff7564286e8 GetTokenInformation 9899->9902 9900->9901 9903 7ff75642744d 9901->9903 9904 7ff756428665 CreateDirectoryW 9901->9904 9902->9897 9905 7ff756428707 ConvertSidToStringSidW 9902->9905 9903->9868 9903->9869 9904->9903 9905->9897 9907 7ff75642723e 9906->9907 9908 7ff756428360 10 API calls 9907->9908 9909 7ff75642724e 9908->9909 9910 7ff75642725a ExpandEnvironmentStringsW free 9909->9910 9911 7ff756427370 9909->9911 9913 7ff756427350 9910->9913 9915 7ff756427283 9910->9915 9912 7ff756422e10 10 API calls 9911->9912 9925 7ff75642735e 9912->9925 9914 7ff756422e10 10 API calls 9913->9914 9914->9925 9916 7ff756427338 _wcsdup 9915->9916 9917 7ff756427293 _wfullpath 9915->9917 9918 7ff7564272a7 9916->9918 9917->9918 9919 7ff756427380 9918->9919 9920 7ff7564272b0 wcschr 9918->9920 9923 7ff756422e10 10 API calls 9919->9923 9921 7ff75642731d CreateDirectoryW 9920->9921 9922 7ff7564272e1 9920->9922 
9921->9864 9924 7ff7564272e8 wcsncpy CreateDirectoryW wcschr 9922->9924 9923->9925 9924->9921 9924->9924 9925->9864 9927 7ff75642f54b 9926->9927 9928 7ff75642f522 9926->9928 9930 7ff7564340e3 4 API calls 9927->9930 9932 7ff7564340e3 _errno 9928->9932 9931 7ff756426fb4 9930->9931 9931->9862 9937 7ff756434160 9932->9937 9933 7ff756434b4f 9934 7ff756434b88 9933->9934 9935 7ff756432358 fputwc fwprintf fwprintf 9933->9935 9934->9931 9935->9934 9936 7ff756432358 fputwc fwprintf fwprintf 9936->9937 9937->9933 9937->9936 9939 7ff75642f460 fputc 9938->9939 9940 7ff756426fe4 9939->9940 9940->9830 9940->9831 9953 7ff75642efb0 9941->9953 9943 7ff75642f1b7 9944 7ff75642f1d8 free 9943->9944 9945 7ff75642f1e4 9943->9945 9944->9945 9946 7ff75642f1ea memset 9945->9946 9947 7ff75642f20b 9945->9947 9946->9947 9947->9834 9949 7ff75642f460 fputc 9948->9949 9950 7ff756422ec2 9949->9950 9951 7ff756422d50 10 API calls 9950->9951 9952 7ff756422ed7 9951->9952 9952->9843 9954 7ff75642efcf 9953->9954 9956 7ff75642f011 9953->9956 9955 7ff75642efdf wcslen 9954->9955 9954->9956 9955->9956 9958 7ff75642eff4 9955->9958 9956->9943 9957 7ff75642f146 malloc memcpy 9957->9956 9958->9956 9958->9957 9960 7ff7564231f0 fputc 9959->9960 9962 7ff7564232a0 9960->9962 9961 7ff7564232cd 9961->9766 9961->9767 9962->9961 9963 7ff7564232b9 strcpy 9962->9963 9963->9961 9965 7ff75642f460 fputc 9964->9965 9966 7ff756423252 9965->9966 9967 7ff756423266 9966->9967 9992 7ff75642ecea 9966->9992 9967->9772 9967->9774 9970 7ff75642796d 9969->9970 9971 7ff7564244f0 11 API calls 9970->9971 9972 7ff756427982 9971->9972 9973 7ff7564277d0 34 API calls 9972->9973 9974 7ff756427990 9973->9974 9975 7ff756427a59 9974->9975 9976 7ff756427a4c 9974->9976 9980 7ff7564279a5 9974->9980 9977 7ff756427a5e fclose 9975->9977 9978 7ff756427a36 9975->9978 9976->9975 9979 7ff756427a51 fclose 9976->9979 9977->9978 9978->9766 9979->9975 9981 7ff7564279c0 fread 9980->9981 9988 7ff756427a21 fclose fclose 9980->9988 9982 7ff7564279f8 fwrite 
9981->9982 9983 7ff7564279de ferror 9981->9983 9986 7ff756427a19 clearerr 9982->9986 9987 7ff756427a0d ferror 9982->9987 9983->9980 9985 7ff7564279ea clearerr 9983->9985 9985->9988 9986->9988 9987->9980 9987->9986 9988->9978 9990 7ff75642f460 fputc 9989->9990 9991 7ff75642320d 9990->9991 9991->9800 9991->9803 9999 7ff75642eb30 9992->9999 9994 7ff75642ed06 9995 7ff75642ed27 free 9994->9995 9996 7ff75642ed33 9994->9996 9995->9996 9997 7ff75642ed39 memset 9996->9997 9998 7ff75642ed5a 9996->9998 9997->9998 9998->9967 10000 7ff75642eb4f 9999->10000 10004 7ff75642eb8e 9999->10004 10001 7ff75642eb5e strlen 10000->10001 10000->10004 10003 7ff75642eb73 10001->10003 10001->10004 10002 7ff75642eca0 malloc memcpy 10002->10004 10003->10002 10003->10004 10004->9994 10006 7ff75642531e 10005->10006 10083 7ff7564250a0 10006->10083 10009 7ff756425427 10011 7ff756422e10 10 API calls 10009->10011 10010 7ff756425350 10012 7ff756424220 4 API calls 10010->10012 10030 7ff75642535f 10010->10030 10029 7ff756423bed 10011->10029 10014 7ff7564253c9 10012->10014 10013 7ff756424220 4 API calls 10016 7ff756425374 10013->10016 10020 7ff756422e10 10 API calls 10014->10020 10023 7ff7564253ce 10014->10023 10015 7ff756425379 10086 7ff756427a70 10015->10086 10016->10015 10018 7ff756422e10 10 API calls 10016->10018 10018->10015 10020->10023 10022 7ff756425381 10024 7ff756425449 10022->10024 10025 7ff75642538d 10022->10025 10256 7ff756424350 10023->10256 10026 7ff756422ef0 10 API calls 10024->10026 10089 7ff756424550 GetProcAddress 10025->10089 10026->10029 10027 7ff756427a70 12 API calls 10027->10030 10029->9341 10031 7ff756425690 10029->10031 10030->10013 10032 7ff756427100 15 API calls 10031->10032 10034 7ff7564256a6 10032->10034 10033 7ff7564256c6 10035 7ff756428360 10 API calls 10033->10035 10034->10033 10037 7ff756422e80 10 API calls 10034->10037 10036 7ff756425712 10035->10036 10038 7ff7564258dc 10036->10038 10039 7ff75642571b 10036->10039 10037->10033 10040 7ff756422e10 10 API calls 10038->10040 
10042 7ff756428360 10 API calls 10039->10042 10041 7ff756423c03 10040->10041 10041->9341 10068 7ff756425910 strlen 10041->10068 10043 7ff756425746 10042->10043 10044 7ff7564258f8 10043->10044 10045 7ff75642574f 10043->10045 10046 7ff756422e10 10 API calls 10044->10046 10047 7ff7564250a0 fputc 10045->10047 10046->10041 10048 7ff7564257bb 10047->10048 10049 7ff7564258b7 10048->10049 10050 7ff7564257c6 10048->10050 10051 7ff756422e10 10 API calls 10049->10051 10052 7ff756428360 10 API calls 10050->10052 10051->10041 10053 7ff7564257de 10052->10053 10054 7ff7564257e7 10053->10054 10055 7ff7564258ea 10053->10055 10262 7ff7564250f0 10054->10262 10056 7ff756422e10 10 API calls 10055->10056 10056->10041 10060 7ff75642582b 10061 7ff756425837 10060->10061 10062 7ff7564258ce 10060->10062 10064 7ff756425872 free 10061->10064 10065 7ff756425860 free 10061->10065 10063 7ff756422e10 10 API calls 10062->10063 10063->10041 10066 7ff756425883 10064->10066 10065->10064 10065->10065 10066->10041 10067 7ff756422e10 10 API calls 10066->10067 10067->10041 10069 7ff75642594d 10068->10069 10070 7ff756425a39 10069->10070 10077 7ff756425959 10069->10077 10071 7ff756422e10 10 API calls 10070->10071 10072 7ff756423c0f 10071->10072 10072->9341 10078 7ff756425b20 10072->10078 10073 7ff756421bf0 10 API calls 10073->10077 10074 7ff756421c30 27 API calls 10074->10077 10075 7ff756422e10 10 API calls 10075->10077 10076 7ff756425a01 free 10076->10077 10077->10072 10077->10073 10077->10074 10077->10075 10077->10076 10079 7ff756425b32 10078->10079 10082 7ff756425b38 10078->10082 10079->9341 10080 7ff756421bf0 10 API calls 10080->10082 10082->10079 10082->10080 10286 7ff756425a50 strlen 10082->10286 10084 7ff75642f460 fputc 10083->10084 10085 7ff7564250b8 10084->10085 10085->10009 10085->10010 10087 7ff756428360 10 API calls 10086->10087 10088 7ff756427a83 LoadLibraryExW free 10087->10088 10088->10022 10090 7ff75642457c GetProcAddress 10089->10090 10091 7ff756424bc1 10089->10091 10092 7ff756424598 
GetProcAddress 10090->10092 10093 7ff756424bac 10090->10093 10094 7ff756422ef0 10 API calls 10091->10094 10096 7ff756424b97 10092->10096 10097 7ff7564245b4 GetProcAddress 10092->10097 10095 7ff756422ef0 10 API calls 10093->10095 10253 7ff756424b54 10094->10253 10095->10253 10098 7ff756422ef0 10 API calls 10096->10098 10099 7ff756424c30 10097->10099 10100 7ff7564245d0 GetProcAddress 10097->10100 10098->10253 10101 7ff756422ef0 10 API calls 10099->10101 10102 7ff756424c18 10100->10102 10103 7ff7564245ec GetProcAddress 10100->10103 10101->10253 10104 7ff756422ef0 10 API calls 10102->10104 10105 7ff756424608 GetProcAddress 10103->10105 10106 7ff756424c00 10103->10106 10104->10253 10108 7ff756424beb 10105->10108 10109 7ff756424624 GetProcAddress 10105->10109 10107 7ff756422ef0 10 API calls 10106->10107 10107->10253 10110 7ff756422ef0 10 API calls 10108->10110 10111 7ff756424640 GetProcAddress 10109->10111 10112 7ff756424bd6 10109->10112 10110->10253 10114 7ff756425068 10111->10114 10115 7ff75642465c 10111->10115 10113 7ff756422ef0 10 API calls 10112->10113 10113->10253 10118 7ff756422ef0 10 API calls 10114->10118 10116 7ff756424668 GetProcAddress 10115->10116 10117 7ff756424b60 GetProcAddress 10115->10117 10120 7ff756424c90 10116->10120 10121 7ff756424684 GetProcAddress 10116->10121 10117->10116 10119 7ff756424b7c 10117->10119 10118->10253 10122 7ff756422ef0 10 API calls 10119->10122 10125 7ff756422ef0 10 API calls 10120->10125 10123 7ff756424c78 10121->10123 10124 7ff7564246a0 GetProcAddress 10121->10124 10122->10253 10126 7ff756422ef0 10 API calls 10123->10126 10127 7ff7564246bc GetProcAddress 10124->10127 10128 7ff756424c60 10124->10128 10125->10253 10126->10253 10130 7ff756424c48 10127->10130 10131 7ff7564246d8 GetProcAddress 10127->10131 10129 7ff756422ef0 10 API calls 10128->10129 10129->10253 10134 7ff756422ef0 10 API calls 10130->10134 10132 7ff756424cf0 10131->10132 10133 7ff7564246f4 GetProcAddress 10131->10133 10135 7ff756422ef0 10 API calls 10132->10135 
10136 7ff756424cd8 10133->10136 10137 7ff756424710 GetProcAddress 10133->10137 10134->10253 10135->10253 10140 7ff756422ef0 10 API calls 10136->10140 10138 7ff75642472c GetProcAddress 10137->10138 10139 7ff756424cc0 10137->10139 10141 7ff756424ca8 10138->10141 10142 7ff756424748 GetProcAddress 10138->10142 10143 7ff756422ef0 10 API calls 10139->10143 10140->10253 10144 7ff756422ef0 10 API calls 10141->10144 10145 7ff756424d20 10142->10145 10146 7ff756424764 GetProcAddress 10142->10146 10143->10253 10144->10253 10147 7ff756422ef0 10 API calls 10145->10147 10148 7ff756424d08 10146->10148 10149 7ff756424780 GetProcAddress 10146->10149 10147->10253 10150 7ff756422ef0 10 API calls 10148->10150 10151 7ff75642479c GetProcAddress 10149->10151 10152 7ff756424d50 10149->10152 10150->10253 10153 7ff756424d38 10151->10153 10154 7ff7564247b8 GetProcAddress 10151->10154 10155 7ff756422ef0 10 API calls 10152->10155 10156 7ff756422ef0 10 API calls 10153->10156 10157 7ff756424d98 10154->10157 10158 7ff7564247d4 GetProcAddress 10154->10158 10155->10253 10156->10253 10159 7ff756422ef0 10 API calls 10157->10159 10160 7ff756424d80 10158->10160 10161 7ff7564247f0 GetProcAddress 10158->10161 10159->10253 10162 7ff756422ef0 10 API calls 10160->10162 10163 7ff756424d68 10161->10163 10164 7ff75642480c GetProcAddress 10161->10164 10162->10253 10167 7ff756422ef0 10 API calls 10163->10167 10165 7ff756424828 GetProcAddress 10164->10165 10166 7ff756424db0 10164->10166 10168 7ff756424e28 10165->10168 10169 7ff756424844 GetProcAddress 10165->10169 10170 7ff756422ef0 10 API calls 10166->10170 10167->10253 10173 7ff756422ef0 10 API calls 10168->10173 10171 7ff756424e10 10169->10171 10172 7ff756424860 GetProcAddress 10169->10172 10170->10253 10176 7ff756422ef0 10 API calls 10171->10176 10174 7ff756424df8 10172->10174 10175 7ff75642487c GetProcAddress 10172->10175 10173->10253 10177 7ff756422ef0 10 API calls 10174->10177 10178 7ff756424898 GetProcAddress 10175->10178 10179 7ff756424de0 10175->10179 
10176->10253 10177->10253 10181 7ff756424dc8 10178->10181 10182 7ff7564248b4 GetProcAddress 10178->10182 10180 7ff756422ef0 10 API calls 10179->10180 10180->10253 10185 7ff756422ef0 10 API calls 10181->10185 10183 7ff756424e40 10182->10183 10184 7ff7564248d0 GetProcAddress 10182->10184 10188 7ff756422ef0 10 API calls 10183->10188 10186 7ff7564248ec GetProcAddress 10184->10186 10187 7ff756424e70 10184->10187 10185->10253 10190 7ff756424e58 10186->10190 10191 7ff756424908 GetProcAddress 10186->10191 10189 7ff756422ef0 10 API calls 10187->10189 10188->10253 10189->10253 10194 7ff756422ef0 10 API calls 10190->10194 10192 7ff756424ea0 10191->10192 10193 7ff756424924 GetProcAddress 10191->10193 10195 7ff756422ef0 10 API calls 10192->10195 10196 7ff756424e88 10193->10196 10197 7ff756424940 GetProcAddress 10193->10197 10194->10253 10195->10253 10198 7ff756422ef0 10 API calls 10196->10198 10199 7ff75642495c GetProcAddress 10197->10199 10200 7ff756424ed0 10197->10200 10198->10253 10201 7ff756424eb8 10199->10201 10202 7ff756424978 GetProcAddress 10199->10202 10203 7ff756422ef0 10 API calls 10200->10203 10204 7ff756422ef0 10 API calls 10201->10204 10205 7ff756424f30 10202->10205 10206 7ff756424994 GetProcAddress 10202->10206 10203->10253 10204->10253 10207 7ff756422ef0 10 API calls 10205->10207 10208 7ff756424f18 10206->10208 10209 7ff7564249b0 GetProcAddress 10206->10209 10207->10253 10210 7ff756422ef0 10 API calls 10208->10210 10211 7ff7564249cc GetProcAddress 10209->10211 10212 7ff756424f00 10209->10212 10210->10253 10213 7ff756424ee8 10211->10213 10214 7ff7564249e8 GetProcAddress 10211->10214 10215 7ff756422ef0 10 API calls 10212->10215 10216 7ff756422ef0 10 API calls 10213->10216 10217 7ff756424fc0 10214->10217 10218 7ff756424a04 GetProcAddress 10214->10218 10215->10253 10216->10253 10221 7ff756422ef0 10 API calls 10217->10221 10219 7ff756424fa8 10218->10219 10220 7ff756424a20 GetProcAddress 10218->10220 10224 7ff756422ef0 10 API calls 10219->10224 10222 7ff756424a3c 

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
Similarity
• API ID: _initterm$_amsg_exit_cexitexit
• String ID: 0
• API String ID: 602970348-4108050209
                                                                                                                                                                                                                              • Opcode ID: 48a45a2dfa001bc1c4f29a48986b399cd1a9cddb3affad530eacaa3c2eafcdcf
                                                                                                                                                                                                                              • Instruction ID: c3f6ba7dfb9a2f563c1f9c12026e11fc8ac698319d49d17b6bcaa1f7244ce968
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48a45a2dfa001bc1c4f29a48986b399cd1a9cddb3affad530eacaa3c2eafcdcf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20A1C425F08B0689FB50AB55EC813BEA3A1BB44B89F984035DE4C977A4DF3DE650C760
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect data check$invalid block type$invalid literal/length code$invalid stored block lengths$too many length or distance symbols
                                                                                                                                                                                                                              • API String ID: 0-817236767
                                                                                                                                                                                                                              • Opcode ID: 88fc15b65d04fd6e2952f14b9d668765ad669c7974596a541a211b8a7c566fe6
                                                                                                                                                                                                                              • Instruction ID: 2ec2f8347a397cfc8b323a05bf7bd39a5f8cbd3733cf379fd6b2c798733a8cf4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88fc15b65d04fd6e2952f14b9d668765ad669c7974596a541a211b8a7c566fe6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F420773E1C2928BD3509F26D84897FBBA6FB44784FA94134DA5A83784DB3DDA44CB10
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid distances set$invalid literal/lengths set
                                                                                                                                                                                                                              • API String ID: 0-1153561608
                                                                                                                                                                                                                              • Opcode ID: 18b93ba1e2b5b375b9910b67d4f1762c78eda6b4f68046103d018e811f1a2e3c
                                                                                                                                                                                                                              • Instruction ID: 0c46a75266376de83275f279fb51128a37c87705f9cb89835d7a699cf751d059
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18b93ba1e2b5b375b9910b67d4f1762c78eda6b4f68046103d018e811f1a2e3c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EF1F532A186528BD7509F15D888A7FB7E6FB40384FEA4135DE4A43784DF3AEA44CB10

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$fclose$freadfreemallocstrcpystrtok
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                              • API String ID: 790192563-666925554
                                                                                                                                                                                                                              • Opcode ID: d19f82ae7dce00346859621caeb1e48d9f6daabe870ca91133479effd4923612
                                                                                                                                                                                                                              • Instruction ID: 99cc6697f95f0ee5cc0ec9eeb7df71127576f878b47f56586e1de6a91c00d9a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d19f82ae7dce00346859621caeb1e48d9f6daabe870ca91133479effd4923612
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42418C60B0960645FA54BB229D506BBD253AF017D8FEC4135DE2D0BBD6EF2EB7848360

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _wputenv_s.MSVCRT ref: 00007FF7564273E1
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF7564273EC
                                                                                                                                                                                                                              • GetTempPathW.KERNEL32 ref: 00007FF756427410
                                                                                                                                                                                                                              • _getpid.MSVCRT(?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427416
                                                                                                                                                                                                                              • _wtempnam.MSVCRT ref: 00007FF75642743F
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF756427454
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF75642747E
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427100: GetEnvironmentVariableW.KERNEL32 ref: 00007FF75642712C
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75642726B
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: free.MSVCRT ref: 00007FF756427276
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: _wfullpath.MSVCRT ref: 00007FF75642729E
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF7564272CD
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcsncpy.MSVCRT ref: 00007FF7564272FB
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427305
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427310
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427322
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$CreateDirectoryEnvironmentwcschr$ExpandPathStringsTempVariable_getpid_wfullpath_wputenv_s_wtempnamwcsncpy
                                                                                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                              • API String ID: 2180377646-1116378104
                                                                                                                                                                                                                              • Opcode ID: ab9b272da45234c433301e65be1a69a0975bbb4549896671d0dcc15f2e3d4d6a
                                                                                                                                                                                                                              • Instruction ID: 9d368621290f0f4c402ee325548c6e400c0359eba4c88fcdb36737c8f531b3ea
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab9b272da45234c433301e65be1a69a0975bbb4549896671d0dcc15f2e3d4d6a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82417911F0861745EEA5B722AE212BBC6822F55BD0FEC4031EC0E47796ED3EE7848274

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fileno_get_osfhandlesignal$Process$ByteCharCodeCommandCreateExitInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                              • API String ID: 979768843-3524285272
                                                                                                                                                                                                                              • Opcode ID: 283ebe96b6f9e732354aaa17e5d0142c826c4d20509961a5428b2b9139989279
                                                                                                                                                                                                                              • Instruction ID: af140b051601bfb08c823c77f684e4f2803b3c299ff658a7f21c8307951a1e98
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 283ebe96b6f9e732354aaa17e5d0142c826c4d20509961a5428b2b9139989279
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30418D32A086868AF760AB60F8143EBE261EB90784F944135DA8D47BC9DF7DD1848B50

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc$ferrorfree$freadfwrite
                                                                                                                                                                                                                              • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$_MEIPASS2$malloc
                                                                                                                                                                                                                              • API String ID: 1635854594-2784975069
                                                                                                                                                                                                                              • Opcode ID: 639ff019d47014236fc238da0af0b4e2317e6cf735e3b1188166d2121ee88990
                                                                                                                                                                                                                              • Instruction ID: ec6cfa7f1847b110d8fb15979342396b67fcc964f6c6722d7f8c46ba4de3ba9b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 639ff019d47014236fc238da0af0b4e2317e6cf735e3b1188166d2121ee88990
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3481B122B0CA8585E760AB11AC403AFE2A2EB557D4FA84131DF8D437D5EF7DE685C710

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                              • API String ID: 1339360106-2855260032
                                                                                                                                                                                                                              • Opcode ID: df849b20b0b41f6944a4e2584610a8402a85b3e53edd2631f9010341ef435d6f
                                                                                                                                                                                                                              • Instruction ID: dfa5ac7855e31a02cf33030ebe5de684059d1df0b75b48d8e1971619ece95fae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df849b20b0b41f6944a4e2584610a8402a85b3e53edd2631f9010341ef435d6f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E131B43170864246E7506B51BD0076BA361EB95BE0FA84331EE6D47BD9DF3DE609C710

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 918573998-0

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freadmalloc$fcloseferrorfree
                                                                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 1320676746-1463511288

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$EnvironmentVariable$DirectoryFileModuleNamecallocstrcmpstrcpy
                                                                                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                              • API String ID: 4056350997-3096095006

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$ByteCharMultiWidefreememsetstrcpystrtok
                                                                                                                                                                                                                              • String ID: WARNING: file already exists but should not: %s
                                                                                                                                                                                                                              • API String ID: 901113649-146164175

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: mallocmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4276657696-0
                                                                                                                                                                                                                              • Opcode ID: 61eaa1ab35641a1ad6f539a3031d6a572ba3cd1bcdd971e16e585366fc5a0095
                                                                                                                                                                                                                              • Instruction ID: 3600a818f693711f500f225426d62238d9085f2c2623bd7b57e7b9a2d52acd84
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61eaa1ab35641a1ad6f539a3031d6a572ba3cd1bcdd971e16e585366fc5a0095
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E31D773B251458FD7A09B26E88466FE7A2FB947C0F985034DB4A87F40DA7DF5458B00

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                              • Opcode ID: 4cff6b6cad217516d5f18f1402c44efe948d7df5116e8e993a2d94d60ba9fd56
                                                                                                                                                                                                                              • Instruction ID: e5ec16ee1829e522e37a96411d739f1bb4cad514cda05919f8aa653df9efc284
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cff6b6cad217516d5f18f1402c44efe948d7df5116e8e993a2d94d60ba9fd56
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B21CF12B0C15241FE50BA129D047BBD6576F45BC8FED0431EE0D0BB96EE3EEA42C220

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 879 7ff7564262b0-7ff7564262c6 calloc 880 7ff7564262c8-7ff7564262cc 879->880 881 7ff7564262cd-7ff7564262ea call 7ff756422f90 879->881 881->880
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                              • API String ID: 2635317215-799113134
                                                                                                                                                                                                                              • Opcode ID: 14a32cd857dbd92defe4032d862b57eb2578cba3fc4f595bda8e0d1e37d21c2a
                                                                                                                                                                                                                              • Instruction ID: dd1c10921128daa3421269f8ce70b8a04720951501f15b1df472871224103e11
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14a32cd857dbd92defe4032d862b57eb2578cba3fc4f595bda8e0d1e37d21c2a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52E0EC55F0860A81EA24770098411BBA752DF94384FED4439D90C067A5DD3DE7958774

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fsetpos
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 850078086-0
                                                                                                                                                                                                                              • Opcode ID: 95a1f5fe9a5fe2a7bfad161a45af88282180bbd6d4cb238cd0f8543df206dc4d
                                                                                                                                                                                                                              • Instruction ID: 6dc0603f1b0e48ab199095cff567d017997c988efcd5cbb94f89ea8b75353811
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a1f5fe9a5fe2a7bfad161a45af88282180bbd6d4cb238cd0f8543df206dc4d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02116F72B04B4699EF50AF248C010AE73A5BB047D8FD40A34EA1D07B99DF39D2508660

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosestrcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3396940900-0
                                                                                                                                                                                                                              • Opcode ID: 67b9c138f64c062950822254549c01f77f7913ed73fb174ca7ab50e10f6ad347
                                                                                                                                                                                                                              • Instruction ID: 0f7f25681d1eee72fab4f0bc496a874a5912d5ae7d797ab5f590e117a845395e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67b9c138f64c062950822254549c01f77f7913ed73fb174ca7ab50e10f6ad347
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A11E561B1868241FB60BA71ED103FB92928F54BD4FAC8132DD0C877CADE2ED6858330
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememsetwcslen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2332356550-0
                                                                                                                                                                                                                              • Opcode ID: cd8622858ce1eac2765d9d2649409cc29117ca4291402bbeaad830a0dff25b8d
                                                                                                                                                                                                                              • Instruction ID: 36a510c692ff4fa0b2f5d6a9c649f26d6931365fca009a7fca3c4cbe2612b3bd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd8622858ce1eac2765d9d2649409cc29117ca4291402bbeaad830a0dff25b8d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D731D966B00B1489DB10DF76D48109D7BB1FB58BA8B548526EE1C53B68EB34C591C7A0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • _wfopen.MSVCRT ref: 00007FF756424535
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 372205238-0
                                                                                                                                                                                                                              • Opcode ID: 23ef8f33a25aac41143890430be6b00d3d12b7085065af13003f8baabe36ac29
                                                                                                                                                                                                                              • Instruction ID: d9d799acbba621591183e005fca8bcb32f40c2d24a6c81bb0f074081e5f854f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23ef8f33a25aac41143890430be6b00d3d12b7085065af13003f8baabe36ac29
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AE09A91B0822105E9247216AE157EEC252AF4AFC0E988031EE0E2BB8A8D2ED3478715
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                              • Opcode ID: d2088d4701c2f0b9b3182c60aed0944f2c33270913291ab00f2f521c4473f7f6
                                                                                                                                                                                                                              • Instruction ID: 2c3a9fccfd00c5f6334ada610a9820d9c2700ec960aa441aac4da2d035adce56
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2088d4701c2f0b9b3182c60aed0944f2c33270913291ab00f2f521c4473f7f6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4651C937E182428BE7A0DA16E848A3FB7E5FB447D4FA98035DE5543A84CB39D984CF10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                              • Opcode ID: cfa0da2336491b7a88924ea460807e7c19be704343887749ee5261d5bae8cc1d
                                                                                                                                                                                                                              • Instruction ID: 2d89e31c7fce57fe78573331ec0fbbe0a1ebd445aea707b20a3b394d2f943465
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfa0da2336491b7a88924ea460807e7c19be704343887749ee5261d5bae8cc1d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6121B671A0AB4249FBA46B169C5033EA592EB84F94FBC4234CD1E477D4DF3ADA868350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc
                                                                                                                                                                                                                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for 
Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                                                              • API String ID: 190572456-3109299426
                                                                                                                                                                                                                              • Opcode ID: 26d20ef8488b2f106917b289c7f0faee4fc78964a3530c16ce4383ccecddc025
                                                                                                                                                                                                                              • Instruction ID: 81892d492ed581974f48092a98644d87e8a09c22d8d04c0f11bbf4a7a5344c4a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26d20ef8488b2f106917b289c7f0faee4fc78964a3530c16ce4383ccecddc025
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A52C320E59B0B90FE55FB14FD911BBA796AF94380FEC1532C40D062A5EEADE3859730
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                                                              • String ID: $BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                              • API String ID: 3223904152-1365983254
                                                                                                                                                                                                                              • Opcode ID: 44230c5549678586c376b2ef53c252f9aa80533ad4b521eb5059e48c1012b8cc
                                                                                                                                                                                                                              • Instruction ID: 6f09ad8fac8cbfa0f28572833ff19d22212126f62ce3c6770eaf20c1bbe98a88
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44230c5549678586c376b2ef53c252f9aa80533ad4b521eb5059e48c1012b8cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C591BE36214B9482E7509F61E85479BB761F788BC8F64413ADE8C0BB98CF7EC585CB50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1653872744-2573406579
                                                                                                                                                                                                                              • Opcode ID: ad2549d3c2a23705f7db247113c1d342cb32283b1be670dbff4683e9cb5cf3dc
                                                                                                                                                                                                                              • Instruction ID: cbb7016172ae3ed8332ddfd02595a66b937e3be9630b98f9ed0b25fdbda4c009
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad2549d3c2a23705f7db247113c1d342cb32283b1be670dbff4683e9cb5cf3dc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D421AE71B08A0386F760BB14FC103ABA2A2AB54384FEC5134E94D066A8DF3DD789C720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                              • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                                                              • API String ID: 384173800-1835852900
                                                                                                                                                                                                                              • Opcode ID: eaee1e63e91aae8617825249eef17aa572b6443aebcd8db626c500a16e78915b
                                                                                                                                                                                                                              • Instruction ID: 5d23a51a68c1411a3854bfd08df8d9f7865da761d777cee6d1c52ec2ef6b524e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaee1e63e91aae8617825249eef17aa572b6443aebcd8db626c500a16e78915b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD010924E0AA1B91E915BB05FC501BAA3A5BF897C5FDC5131CE0D17364AF2CE746C360
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: Infinity$NaN
                                                                                                                                                                                                                              • API String ID: 0-4285296124
                                                                                                                                                                                                                              • Opcode ID: 4dc7d1ea745c2af15dd6c843f45918d75bf415c104e6a928d026365ce6ed057c
                                                                                                                                                                                                                              • Instruction ID: 7e538e3ce8438a2a115ae080dd4be4caf46f3cc289cb6bc23db59179ca7f161b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4dc7d1ea745c2af15dd6c843f45918d75bf415c104e6a928d026365ce6ed057c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00E25932A04B8A8EE755DF78C8443AE77A1FB0578CF548225EA0D5BB59DB38E5C1CB10
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                                                              • API String ID: 0-1186847913
                                                                                                                                                                                                                              • Opcode ID: 0075f20ed05d3e577a2f003cb1149f48fc0b778c5317e10ddb746b811fbe8dfb
                                                                                                                                                                                                                              • Instruction ID: f61a9d55a1e2aee6e74f612771beb899bbf76ce675ec87b44a84f51eeefa7f56
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0075f20ed05d3e577a2f003cb1149f48fc0b778c5317e10ddb746b811fbe8dfb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA512872E0C6128AE754AE11884C67F76A6FB44384FA98138DE1E87380DF3DE644D724
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoadfree
                                                                                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 4213687213-1453502826
                                                                                                                                                                                                                              • Opcode ID: 0bca8fb7483f10bb6edf41e0412fe697704fe9efdc22929072ba91370bb0e1ca
                                                                                                                                                                                                                              • Instruction ID: 44f1fb58b110722755e4386233c7126286d48d72ec8b9c7c53193fa4a2fa6d3f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bca8fb7483f10bb6edf41e0412fe697704fe9efdc22929072ba91370bb0e1ca
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4302B560A0DB4B91FE15FB15EC511B7A3A6AF64780FEC5432C80D062A5EF6DE7899330
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                              • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                              • Opcode ID: b354f38828b5287e80f2ebefe15ffe2b9d66ff57f6db4c48c3be1d40b29893f8
                                                                                                                                                                                                                              • Instruction ID: df694204dc3e25ff5a9559092111b5e44e035d4c0e622783c5e1e7347a791aa4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b354f38828b5287e80f2ebefe15ffe2b9d66ff57f6db4c48c3be1d40b29893f8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92B12C25B09A4A85EA41BB16EC5427AA361BF86FC1FD84032DD4E077B5EE3CE645D320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1093732947-0
                                                                                                                                                                                                                              • Opcode ID: 797288d3ac6f07e0d4276088f5466b877e5e972e1ab7c4050277d7103c7e42f2
                                                                                                                                                                                                                              • Instruction ID: 1db79d0b17a2b49cde863077cbd0d6afdbdb20133efaa0587f3893a6b815e255
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 797288d3ac6f07e0d4276088f5466b877e5e972e1ab7c4050277d7103c7e42f2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FA14E66B15B1988EB40ABA6DC402BE63B1FB08BC8F984435DE5D17B99EF3DD541C320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$EnvironmentVariable
                                                                                                                                                                                                                              • String ID: %s%c%s%c%s%c%s%c%s$;$;$Error detected starting Python VM.$Failed to convert argv to wchar_t$Failed to convert progname to wchar_t$Failed to convert pyhome to wchar_t$Failed to convert pypath to wchar_t$Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!$PYTHONUTF8$\$\$base_library.zip$lib-dynload$sys.path (based on %s) exceeds buffer[%d] space
                                                                                                                                                                                                                              • API String ID: 471908985-2552457735
                                                                                                                                                                                                                              • Opcode ID: 57f29d2f7fe5f92c94e50010cc3d1a8e926e81fff562166a1aa0ed7694ea2e0d
                                                                                                                                                                                                                              • Instruction ID: fab9024fa5497dc4109cc9ef84bf25bfbc5413f57841228a5465dcc18a5e28ac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57f29d2f7fe5f92c94e50010cc3d1a8e926e81fff562166a1aa0ed7694ea2e0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7617D21E19A4A85FA15BB11EC5027BA362BF54B84FDC4032D90E177A1CF2EE755C720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756423280: strcpy.MSVCRT(?,?,_MEIPASS2,?,00007FF75642376C), ref: 00007FF7564232C3
                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 00007FF75642347C
                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 00007FF75642349F
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fread.MSVCRT ref: 00007FF7564279D1
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: ferror.MSVCRT ref: 00007FF7564279E1
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: clearerr.MSVCRT(?,00000000,?,00007FF7564233A7,?,00000000,?,00000000,?,?,_MEIPASS2,?,00007FF75642376C), ref: 00007FF7564279ED
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fclose.MSVCRT ref: 00007FF756427A29
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fclose.MSVCRT ref: 00007FF756427A31
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosestrcmp$clearerrferrorfreadstrcpy
                                                                                                                                                                                                                              • String ID: %s%s%s$%s%s%s%s%s$%s%s%s%s%s%s%s$%s%s%s.exe$%s%s%s.pkg$Archive not found: %s$Archive path exceeds PATH_MAX$Error copying %s$Error extracting %s$Error opening archive %s$_MEIPASS2$malloc
                                                                                                                                                                                                                              • API String ID: 2929065527-1083822304
                                                                                                                                                                                                                              • Opcode ID: 7cddd8090777741a3746d255658898dd58f9441d5213178a4a7d83b95573a76e
                                                                                                                                                                                                                              • Instruction ID: 9bdd2742824f6214dec77aa29170160cafe2a4196ca225420c8927150b3f304f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cddd8090777741a3746d255658898dd58f9441d5213178a4a7d83b95573a76e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B815021A08A4691EA21BB21EC401FBE366AF40BD4FE84132ED4D47795DE3DE786C360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: mbstowcsstrncmp
                                                                                                                                                                                                                              • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$_MEIPASS2$pyi-
                                                                                                                                                                                                                              • API String ID: 1807066385-1485234868
                                                                                                                                                                                                                              • Opcode ID: ed1570afcb3850cbb0f22facbff62a62bf6a525bd8db3598a162388f4d850246
                                                                                                                                                                                                                              • Instruction ID: 0e43c1a1ddffc1f783b79698a7263629eb5bcfb556746bbcfc6cc9f216d5963f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed1570afcb3850cbb0f22facbff62a62bf6a525bd8db3598a162388f4d850246
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3517061F0864695FB19BB26DC443BBA752AB45BD4FD84431CD0E073E2DE7EE6818720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75642726B
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF756427276
                                                                                                                                                                                                                              • _wfullpath.MSVCRT ref: 00007FF75642729E
                                                                                                                                                                                                                              • wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF7564272CD
                                                                                                                                                                                                                              • wcsncpy.MSVCRT ref: 00007FF7564272FB
                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427305
                                                                                                                                                                                                                              • wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427310
                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427322
                                                                                                                                                                                                                              • _wcsdup.MSVCRT ref: 00007FF75642733B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF756427370
                                                                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF756427380
                                                                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF756427350
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateDirectorywcschr$ByteCharEnvironmentExpandMultiStringsWide_wcsdup_wfullpathfreewcsncpy
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                              • API String ID: 2066369749-3498232454
                                                                                                                                                                                                                              • Opcode ID: 5247fef59679886257c5bf5a256c6734bef9e0f1e2e6a48fd98f629562cc69ca
                                                                                                                                                                                                                              • Instruction ID: 88439b70e96b13e9b7ab2288a127839aa165c811a0e4d6b400e7f0697a4875dc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5247fef59679886257c5bf5a256c6734bef9e0f1e2e6a48fd98f629562cc69ca
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3031CF51B0864649FA65B762AD153BBD282AF48BC0FDC4430DE0E5B7C6ED3EE6418270
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosefreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3295367466-3659356012
                                                                                                                                                                                                                              • Opcode ID: f018644a4521c934d7b2f62d31c1a1cca118b0161295a41991035e1af4ae9fa3
                                                                                                                                                                                                                              • Instruction ID: 11f6c4ad33155e39f9bcd5aac7a1325b7f5d318a7d8844d7e310150ccb03e704
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f018644a4521c934d7b2f62d31c1a1cca118b0161295a41991035e1af4ae9fa3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E31DF22B0A55695FE55BB129C506BB9312AF10BD8FEC4032DE0D07A85EF3EE785C320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$setlocale$_strdupcalloc
                                                                                                                                                                                                                              • String ID: Fatal error: unable to decode the command line argument #%i$out of memory
                                                                                                                                                                                                                              • API String ID: 3058678114-3355598041
                                                                                                                                                                                                                              • Opcode ID: 7eaad2981d7da0d02c6a0a00ac48e674d4a4e0ca5ddd125e23427e13a03e8eb4
                                                                                                                                                                                                                              • Instruction ID: 1a0b740bf270a335d902a9ed261f6ec8cf24caf78e918af0555323f20e673ccc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7eaad2981d7da0d02c6a0a00ac48e674d4a4e0ca5ddd125e23427e13a03e8eb4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E21BF11B0A54A45FA69B711DC513BBD253AF94BC4FDC8434DD4E17782EE3DAA818320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$_wcsdup$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                              • API String ID: 2803985813-2699770090
Similarity
• API ID: strlenstrncpy$callocfreememcpy
• String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
• API String ID: 4189425833-927121926
Similarity
• API ID: MoveWindow$ObjectSelect$DrawReleaseText
• String ID: P%
• API String ID: 2147705588-2959514604
Similarity
• API ID: memcpy$mallocstrncpy$callocfreestrlenstrncat
• String ID: Cannot allocate memory for necessary files.$_MEIPASS2
• API String ID: 257583877-1389504347
Similarity
• API ID: fclose$strlen$clearerrferror$_wfopenfreadfwritestrcpystrtok
• String ID:
• API String ID: 4076046571-0
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                                                              • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                                              • API String ID: 1485978544-2115465065
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-27947307
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                                                              • API String ID: 1374691127-3831141058
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                                                              • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                                                              • API String ID: 4278403329-2782260415
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-2292745976
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freestrlen
                                                                                                                                                                                                                              • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 322734593-568040347
                                                                                                                                                                                                                              • Opcode ID: 6a039fad5d8352ecb81073e895250e2407f4e9590927e68fdc358fc8b21bb072
                                                                                                                                                                                                                              • Instruction ID: 6a6ca7be4c288e0957a2eeefe615593aec62d80b61dc47d593016b27a5b47032
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a039fad5d8352ecb81073e895250e2407f4e9590927e68fdc358fc8b21bb072
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3316122B18A4A81EA54BB22EC4517BE362BF55BD0FDC4432DD0E477A5DE3CE645C320
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                                                              • API String ID: 1294909896-1126984729
                                                                                                                                                                                                                              • Opcode ID: 9e9dc98b241340206b3950fdc0f0b46dac06dc95ab4fb8e499913a0f4b5c1936
                                                                                                                                                                                                                              • Instruction ID: eab4dd0b926c2c0a619ba2fcf92d1fade8526a57d71ff20f9268ca23d41fadda
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e9dc98b241340206b3950fdc0f0b46dac06dc95ab4fb8e499913a0f4b5c1936
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B71FD36A09E4686EB10AF21EC547AAB360FB48F89F884136DE4D57764DF3CD649C360
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3789554339-3944641314
                                                                                                                                                                                                                              • Opcode ID: 96c3ffd8a9f7418ae10f1445c318b44d92cba0f883aef55ab62338f85fa98de8
                                                                                                                                                                                                                              • Instruction ID: fa35194f80666ea8afcf5d6bde31baac4f0b36ef2da3bf4919086d6bcb5d91c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96c3ffd8a9f7418ae10f1445c318b44d92cba0f883aef55ab62338f85fa98de8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88210552B0814248E960BB16AC446FBE252BB85BE0FDC9531EE1E1B7C6ED3DE741D320
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: %U?%llu$Failed to append to sys.path$Installing PYZ: Could not get sys.path$path$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 39653677-2762566162
                                                                                                                                                                                                                              • Opcode ID: 38afba6078b464e7bce29b3b02907e9609ced751e64e5a12c42e31d9d0db83e8
                                                                                                                                                                                                                              • Instruction ID: 1dcff61cdbb7bde23abe7437a42db6862a4954d33ba51825fb1ae2744ddfd38f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38afba6078b464e7bce29b3b02907e9609ced751e64e5a12c42e31d9d0db83e8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA113026B09A4A81EA00BF15EC511BAA361AF58FD5FDC4131CE1D53764EE3CE696C720
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscatwcscmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3846154227-0
                                                                                                                                                                                                                              • Opcode ID: d6935a6bedf87a00fe86b0961995327ae8b14cc3a7484df73dc8f561e4ba821a
                                                                                                                                                                                                                              • Instruction ID: c267cb8b09946727a04d5037e105af57d98f778980f92874f5e94f241c5cef6b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6935a6bedf87a00fe86b0961995327ae8b14cc3a7484df73dc8f561e4ba821a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2114F15B0C54749FA64BB62AD102BBD296AF84BC0FEC5131DE0E462D6EE2DF7458231
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$fputwc
                                                                                                                                                                                                                              • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                                                              • API String ID: 2988249585-4054516066
                                                                                                                                                                                                                              • Opcode ID: a91dbb357188acd3bef83ce65dae52733958dc113a28ae759dd94a1ac569e38b
                                                                                                                                                                                                                              • Instruction ID: b126af5b3de7276bfc78cedb2a1afa26796ed10ea23dfc001b9cc14d8263756e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a91dbb357188acd3bef83ce65dae52733958dc113a28ae759dd94a1ac569e38b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6671FC76704B4A8BD760DF2AC8805AEB7E0F758BDCB458126EE4C87B58DB38D6508B50
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 0-1584390748
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3157260142-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1200242243-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF756422DD3
                                                                                                                                                                                                                              • MessageBoxA.USER32 ref: 00007FF756422DFB
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1878133881-785100509
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 1532159127-1977442011
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.3240088837.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000000.00000002.3240056602.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240126188.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240161837.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240195934.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240228731.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240267737.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3240298970.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                                                              • API String ID: 3219091393-982972847
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-3474627141
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message_errno
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1796756983-2410924014
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2468659920
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4064033741
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2713391170
                                                                                                                                                                                                                              • Opcode ID: 0f5fc9e47eff1ec0f68fd938a2d5b8522db0e6c69bffe2dc4161cc362c87a665
                                                                                                                                                                                                                              • Instruction ID: 65907ebc0bcc9c2f610344fef8424985d7178be9122646c89f1579b33d2b7256
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f5fc9e47eff1ec0f68fd938a2d5b8522db0e6c69bffe2dc4161cc362c87a665
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4017126A04F888AD7019F69D8402AAB775FF5D7D8F444722EF8D27764DF28D285C310
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4273532761
                                                                                                                                                                                                                              • Opcode ID: 2cf80a598e604341adef02829841eeef1938b9114fd71db9b0ad75c843f83a7b
                                                                                                                                                                                                                              • Instruction ID: 5baf2e1763521f1a78aae0425a053840b0dafbca89e9d980a5f8ac96ea11f6de
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cf80a598e604341adef02829841eeef1938b9114fd71db9b0ad75c843f83a7b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50017126A04F888AD7019F69D8402AAB775FF5D7D8F444722EF8D27764DF28D284C310
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4283191376
                                                                                                                                                                                                                              • Opcode ID: 8155ae0fc5bb890a28261478a901452564a5afd7ad45c3a65db794674abc9c0a
                                                                                                                                                                                                                              • Instruction ID: 59cc5c12725f0463db97b2f47c562045279d97b710f5fd5761f7b046d23ef48d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8155ae0fc5bb890a28261478a901452564a5afd7ad45c3a65db794674abc9c0a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D017126A04F888AD7019F69D8402AAB775FF5D7D8F444722EF8D27764DF28D284C310
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2187435201
                                                                                                                                                                                                                              • Opcode ID: 2a723d782a9163d01e90c9c1bb319a368f9ff43ef6c7322cc73139433fc85ca8
                                                                                                                                                                                                                              • Instruction ID: ac16880a99db95d332c32efd325a81ea44ce27055d595cf127c665e558cd8d9d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a723d782a9163d01e90c9c1bb319a368f9ff43ef6c7322cc73139433fc85ca8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5015E26A04F888AD7019F69D8402AAB775FB5D7D8F444722EF8D27B64DF28D2848310
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: 1bbbd3dc5f64f6f270ad0de97402caeccb35f1786ab702882d00734617abc94f
                                                                                                                                                                                                                              • Instruction ID: 01a03b573b5b7c2cd3e5edcbf06c69fb1ea8e287a4a66ea9ef3254fd7f7b4ad7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1bbbd3dc5f64f6f270ad0de97402caeccb35f1786ab702882d00734617abc94f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3F08211F0B50685FE69B661A8103BED2146F51B80FCC4030CB4D27E42DE2CB6C28320

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:807
                                                                                                                                                                                                                              Total number of Limit Nodes:35
71151 61b1f5e5 calloc 71141->71151 71243 61b1d6f0 __iob_func abort 71142->71243 71150->71018 71150->71040 71154 61b1f604 71151->71154 71161 61b1f6e8 71151->71161 71238 61b222b0 6 API calls 71154->71238 71158 61b1f63a 71159 61b1f6b0 71158->71159 71160 61b1f63e 71158->71160 71240 61b22140 __iob_func abort calloc free 71159->71240 71239 61b22140 __iob_func abort calloc free 71160->71239 71164 61b1f910 71161->71164 71165 61b1f7a3 71161->71165 71172 61b1f694 71161->71172 71164->71172 71242 61b22140 __iob_func abort calloc free 71164->71242 71165->71172 71241 61b22140 __iob_func abort calloc free 71165->71241 71166 61b1f69e free 71166->71150 71172->71166 71178 61b2004b 71177->71178 71179 61b1fdef 71177->71179 71250 61b1d6f0 __iob_func abort 71178->71250 71180 61b20032 71179->71180 71182 61b20019 71179->71182 71185 61b20000 71179->71185 71193 61b1fe0a 71179->71193 71249 61b1d6f0 __iob_func abort 71180->71249 71248 61b1d6f0 __iob_func abort 71182->71248 71184 61b20064 memcmp 71187 61b1ff6e free 71184->71187 71213 61b2007a 71184->71213 71247 61b1d6f0 __iob_func abort 71185->71247 71189 61b1ff76 free 71187->71189 71191 61b1ff85 71189->71191 71190 61b06ac7 71190->71053 71190->71054 71191->71189 71192 61b23d70 21 API calls 71191->71192 71192->71191 71193->71190 71194 61b1fe84 malloc 71193->71194 71194->71190 71195 61b1fe9b 71194->71195 71195->71189 71196 61b1feda free 71195->71196 71197 61b1feee 71195->71197 71196->71190 71197->71191 71198 61b1fef7 malloc 71197->71198 71198->71189 71199 61b1ff29 71198->71199 71246 61b24600 memcpy 71199->71246 71201 61b1ff58 71201->71187 71202 61b1ffd1 71201->71202 71203 61b1ff63 71201->71203 71202->71191 71251 61b21690 __iob_func abort 71202->71251 71203->71184 71203->71187 71205 61b20181 71206 61b201cb 71205->71206 71252 61b21690 __iob_func abort 71205->71252 71208 61b2026d free 71206->71208 71209 61b201ef 71206->71209 71209->71187 71210 61b2021d memcmp 71209->71210 71210->71187 71211 61b2023f 71210->71211 71211->71187 71212 61b2024d memcmp 
71211->71212 71212->71187 71212->71213 71213->71187 71214->71071 71215->71093 71216->71104 71217->71113 71218->71121 71219->71134 71220->71095 71221->71085 71222->71094 71224->71127 71225->71022 71226->71057 71227->71124 71228->71038 71229->71057 71230->71091 71231->71057 71232->71057 71233->71057 71234->71125 71235->71057 71236->71057 71237->71057 71238->71158 71239->71172 71240->71161 71241->71172 71242->71172 71246->71201 71251->71205 71252->71206 71253 7ffdfaf54854 71254 7ffdfb006ec0 71253->71254 71257 7ffdfaf532ec 71254->71257 71256 7ffdfb006ed7 71257->71256 71260 7ffdfb006f00 71257->71260 71259 7ffdfb00710e 71259->71256 71260->71259 71261 7ffdfaf52fb8 71260->71261 71261->71260 71262 7ffdfb0ea670 71261->71262 71263 7ffdfb0ea699 71262->71263 71264 7ffdfb0ea6fe 71262->71264 71266 7ffdfb0ea6b1 71263->71266 71267 7ffdfb0ea6d9 malloc 71263->71267 71265 7ffdfb0ea703 71264->71265 71270 7ffdfb0ea75f 71264->71270 71268 7ffdfb0ea744 free 71265->71268 71269 7ffdfb0ea725 71265->71269 71266->71260 71267->71266 71268->71260 71269->71260 71271 7ffdfb0ea764 71270->71271 71272 7ffdfb0ea7a2 memmove 71270->71272 71271->71260 71272->71271 71273 7ffdfaf52e5f 71274 7ffdfb11ae60 71273->71274 71277 7ffdfb11ae97 71274->71277 71279 7ffdfb11b9b0 memmove 71274->71279 71276 7ffdfb11af6f 71276->71277 71280 7ffdfb11b9b0 memmove 71276->71280 71279->71276 71280->71277 71281 7ff756422a60 71282 7ff756422af8 SetWindowLongPtrW 71281->71282 71283 7ff756422a78 71281->71283 71294 7ff7564226a0 71282->71294 71285 7ff756422a7a 71283->71285 71286 7ff756422aa0 71283->71286 71287 7ff756422ac0 GetWindowLongPtrW 71285->71287 71288 7ff756422a7f 71285->71288 71289 7ff756422a8f 71286->71289 71291 7ff756422ab4 EndDialog 71286->71291 71305 7ff756422490 GetDC 71287->71305 71288->71289 71290 7ff756422a84 EndDialog 71288->71290 71290->71289 71291->71289 71293 7ff756422add InvalidateRect 71293->71289 71312 7ff756422680 71294->71312 71297 7ff756422a10 CreateFontIndirectW 71301 7ff756422a28 71297->71301 71298 
7ff756422761 8 API calls 71299 7ff756422962 SendMessageW SendMessageW SendMessageW SendMessageW 71298->71299 71300 7ff7564229c4 SendMessageW SendMessageW GetClientRect 71298->71300 71299->71300 71300->71301 71302 7ff756422a00 71300->71302 71303 7ff756422490 9 API calls 71301->71303 71302->71289 71304 7ff756422a4b 71303->71304 71304->71289 71306 7ff756422562 MoveWindow MoveWindow MoveWindow MoveWindow 71305->71306 71307 7ff7564224c3 71305->71307 71306->71293 71308 7ff756422502 SelectObject 71307->71308 71309 7ff756422511 DrawTextW 71307->71309 71308->71309 71310 7ff756422547 ReleaseDC 71309->71310 71311 7ff75642253b SelectObject 71309->71311 71310->71306 71311->71310 71315 7ff75642f500 71312->71315 71316 7ff75642f54b 71315->71316 71317 7ff75642f522 71315->71317 71322 7ff7564340e3 fputwc fwprintf fwprintf _errno 71316->71322 71321 7ff7564340e3 fputwc fwprintf fwprintf _errno 71317->71321 71320 7ff756422698 GetDialogBaseUnits MulDiv MulDiv SystemParametersInfoW 71320->71297 71320->71298 71321->71320 71322->71320 71323 61b05898 71324 61b0589b 71323->71324 71325 61b058a1 71324->71325 71326 61b058dd 71324->71326 71443 61b0fdb0 VirtualAlloc memcpy fwrite 71325->71443 71380 61b07590 71326->71380 71329 61b058c9 71329->71326 71354 61b062f7 71329->71354 71331 61b054d0 PyEval_GetFrame 71334 61b054f1 PyUnicode_FromFormat 71331->71334 71345 61b05562 71331->71345 71332 61b05903 71335 61b05918 PyUnicode_AsUTF8 71332->71335 71339 61b06199 71332->71339 71338 61b0550a Py_DecRef 71334->71338 71334->71345 71340 61b05958 PyImport_GetModuleDict PyDict_GetItem 71335->71340 71341 61b0593e 71335->71341 71336 61b05ad4 PyEval_GetFrame 71336->71332 71337 61b06328 71337->71331 71338->71345 71346 61b061bb 71339->71346 71347 61b0636c exit 71339->71347 71339->71354 71342 61b0599d PyImport_ExecCodeModuleObject PyErr_Occurred 71340->71342 71343 61b05974 PyModule_GetDict PyDict_GetItemString 71340->71343 71341->71340 71341->71342 71342->71331 71342->71345 71343->71342 71344 61b060e5 PyEval_EvalCode 
71343->71344 71348 61b0551b PyEval_GetFrame 71344->71348 71349 61b060fd Py_DecRef Py_IncRef 71344->71349 71444 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71346->71444 71355 61b06394 71347->71355 71374 61b064a5 71347->71374 71348->71345 71351 61b0553c PyUnicode_FromFormat 71348->71351 71349->71345 71351->71345 71358 61b05555 Py_DecRef 71351->71358 71352 61b061c8 71353 61b061d4 PyErr_Format 71352->71353 71352->71354 71353->71331 71445 61b080e0 7 API calls 71354->71445 71356 61b063a4 71355->71356 71446 61b0fed0 VirtualFree 71355->71446 71357 61b063cc 71356->71357 71360 61b063bc free 71356->71360 71361 61b063e2 71357->71361 71362 61b063dd free 71357->71362 71358->71345 71360->71356 71360->71357 71363 61b063f3 71361->71363 71364 61b063ee free 71361->71364 71362->71361 71365 61b06404 71363->71365 71366 61b063ff free 71363->71366 71364->71363 71367 61b06412 71365->71367 71368 61b0640d free 71365->71368 71366->71365 71369 61b06428 71367->71369 71370 61b064e2 _Py_Dealloc 71367->71370 71368->71367 71371 61b0643b 71369->71371 71372 61b06500 _Py_Dealloc 71369->71372 71370->71369 71370->71371 71373 61b06520 _Py_Dealloc 71371->71373 71376 61b06451 71371->71376 71372->71371 71372->71376 71373->71374 71373->71376 71375 61b06550 _Py_Dealloc 71375->71376 71376->71374 71376->71375 71377 61b06570 _Py_Dealloc 71376->71377 71378 61b06560 _Py_Dealloc 71376->71378 71379 61b06540 _Py_Dealloc 71376->71379 71377->71376 71378->71376 71379->71375 71381 61b07900 71380->71381 71382 61b075ba 71380->71382 71450 61b7eff0 __iob_func abort 71381->71450 71383 61b075c3 71382->71383 71391 61b07916 71382->71391 71385 61b07a40 71383->71385 71389 61b075d9 71383->71389 71386 61b07d7b exit 71385->71386 71434 61b07b6f PyErr_Format 71385->71434 71454 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71385->71454 71388 61b07652 71390 61b0765c 71388->71390 71406 61b07ac0 71388->71406 71389->71388 71393 61b075fb malloc 71389->71393 71396 
61b07bc0 71389->71396 71448 61b0eed0 17 API calls 71390->71448 71391->71385 71391->71386 71391->71396 71398 61b07b30 71391->71398 71399 61b079bb PyErr_Format 71391->71399 71408 61b07953 PyErr_Format 71391->71408 71409 61b07d05 71391->71409 71423 61b07d30 71391->71423 71451 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71391->71451 71452 61b7f050 __iob_func abort 71391->71452 71453 61b7f320 __iob_func abort 71391->71453 71394 61b07611 71393->71394 71395 61b07d1c PyErr_NoMemory 71393->71395 71412 61b07623 71394->71412 71413 61b07d14 free 71394->71413 71403 61b058eb 71395->71403 71396->71386 71404 61b07bf2 71396->71404 71414 61b07b50 71398->71414 71424 61b07bff PyErr_Format 71398->71424 71399->71391 71400 61b07a7f 71405 61b07a8b PyErr_Format 71400->71405 71400->71434 71401 61b07675 71401->71403 71415 61b078e3 memset 71401->71415 71416 61b07689 71401->71416 71403->71331 71403->71332 71403->71336 71457 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71404->71457 71405->71406 71406->71386 71455 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71406->71455 71408->71391 71409->71413 71447 61b14210 28 API calls 71412->71447 71413->71395 71414->71386 71419 61b07b62 71414->71419 71415->71416 71421 61b07691 71415->71421 71420 61b078b0 PyEval_GetFrame 71416->71420 71416->71421 71417 61b07aef 71425 61b07afb PyErr_Format 71417->71425 71417->71434 71456 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71419->71456 71420->71398 71430 61b078c3 71420->71430 71421->71403 71429 61b076e0 PyEval_GetFrame 71421->71429 71431 61b07ce2 PyErr_Format 71423->71431 71424->71403 71425->71398 71426 61b07644 71432 61b07c9d 71426->71432 71433 61b0764d 71426->71433 71442 61b076ef 71429->71442 71430->71398 71430->71421 71431->71403 71432->71386 71436 61b07cbf 71432->71436 71433->71388 71434->71403 71435 61b07865 71449 61b013c0 PySys_GetObject 
PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71435->71449 71458 61b013c0 PySys_GetObject PyUnicode_AsUTF8AndSize getenv PySys_GetObject PyErr_Clear 71436->71458 71439 61b07872 71439->71423 71441 61b0787e PyErr_Format 71439->71441 71440 61b07ccc 71440->71423 71440->71431 71441->71403 71442->71386 71442->71403 71442->71423 71442->71435 71443->71329 71444->71352 71445->71337 71447->71426 71448->71401 71449->71439 71450->71391 71451->71391 71452->71391 71453->71391 71454->71400 71455->71417 71456->71434 71457->71424 71458->71440 71459 7ff7564237c0 71460 7ff7564237d6 71459->71460 71461 7ff7564237fc 71460->71461 71462 7ff756423a31 71460->71462 71464 7ff756423a3d 71461->71464 71466 7ff756423814 71461->71466 71536 7ff756422e10 10 API calls 71462->71536 71537 7ff756422e10 10 API calls 71464->71537 71470 7ff756423926 71466->71470 71472 7ff756423910 71466->71472 71474 7ff756423939 71466->71474 71476 7ff756423901 free 71466->71476 71478 7ff756423953 71466->71478 71488 7ff756421c30 71466->71488 71516 7ff7564231f0 71466->71516 71533 7ff756421bf0 10 API calls 71466->71533 71534 7ff756422e10 10 API calls 71470->71534 71473 7ff756423b88 71535 7ff756422e10 10 API calls 71474->71535 71476->71466 71477 7ff756423a4e 71477->71473 71482 7ff756423b7d _strdup 71477->71482 71479 7ff7564239ab _strdup 71478->71479 71480 7ff7564239b6 71478->71480 71479->71480 71519 7ff756422370 strlen 71480->71519 71482->71473 71484 7ff7564239d9 _strdup 71485 7ff756423a00 71484->71485 71523 7ff756422c50 71485->71523 71487 7ff756423a17 free free 71487->71472 71489 7ff756421c4e 71488->71489 71490 7ff756421d30 71488->71490 71538 7ff75642f2a0 71489->71538 71565 7ff7564244f0 71490->71565 71494 7ff756421d40 71494->71489 71497 7ff756421d50 71494->71497 71495 7ff756421d78 71573 7ff756422f90 11 API calls 71495->71573 71496 7ff756421c66 malloc 71499 7ff756421c7f 71496->71499 71500 7ff756421d92 71496->71500 71572 7ff756422e10 10 API calls 71497->71572 71504 7ff756421c8b 71499->71504 71505 7ff756421d10 
71499->71505 71574 7ff756422f90 11 API calls 71500->71574 71502 7ff756421d61 71502->71466 71506 7ff756421c93 71504->71506 71508 7ff756421ca0 fread 71504->71508 71541 7ff756421850 71505->71541 71512 7ff756421cff 71506->71512 71513 7ff756421cf2 fclose 71506->71513 71510 7ff756421c98 71508->71510 71511 7ff756421cc6 71508->71511 71509 7ff756421d21 71509->71506 71515 7ff756421cde free 71509->71515 71510->71506 71510->71508 71571 7ff756422f90 11 API calls 71511->71571 71512->71466 71513->71512 71515->71506 71610 7ff75642f460 71516->71610 71521 7ff7564223a0 71519->71521 71522 7ff7564223cb 71521->71522 71618 7ff756422e10 10 API calls 71521->71618 71522->71477 71522->71484 71524 7ff756422c73 71523->71524 71525 7ff756422c66 71523->71525 71527 7ff756428360 10 API calls 71524->71527 71529 7ff756422c88 71524->71529 71526 7ff756428360 10 API calls 71525->71526 71526->71524 71527->71529 71528 7ff756422c9d 71619 7ff756422b20 71528->71619 71529->71528 71530 7ff756428360 10 API calls 71529->71530 71530->71528 71533->71466 71534->71472 71535->71472 71536->71464 71537->71477 71575 7ff75642f2e0 71538->71575 71581 7ff756428c60 71541->71581 71543 7ff7564218b9 71544 7ff756421b3b 71543->71544 71545 7ff7564218c3 malloc 71543->71545 71591 7ff756422e10 10 API calls 71544->71591 71547 7ff756421b92 71545->71547 71548 7ff7564218d9 malloc 71545->71548 71593 7ff756422f90 11 API calls 71547->71593 71550 7ff756421b7b 71548->71550 71563 7ff7564218ef 71548->71563 71592 7ff756422f90 11 API calls 71550->71592 71552 7ff7564218f3 fread 71553 7ff75642191b ferror 71552->71553 71554 7ff756421a35 71552->71554 71553->71554 71553->71563 71585 7ff75642ab00 71554->71585 71558 7ff756421a04 71558->71554 71590 7ff756422e10 10 API calls 71558->71590 71559 7ff756421992 fwrite 71561 7ff7564219ba ferror 71559->71561 71562 7ff756421b2d 71559->71562 71561->71562 71564 7ff7564219cf 71561->71564 71562->71558 71563->71552 71563->71554 71563->71558 71563->71559 71589 7ff756428d10 memcpy memcpy memcpy 71563->71589 71564->71563 
71566 7ff7564244fd 71565->71566 71594 7ff756428360 71566->71594 71569 7ff756428360 10 API calls 71570 7ff75642452f _wfopen 71569->71570 71570->71494 71571->71515 71572->71502 71573->71502 71574->71506 71576 7ff75642f326 71575->71576 71580 7ff75642f2fa 71575->71580 71577 7ff75642f368 _errno 71576->71577 71576->71580 71578 7ff756421c5e 71577->71578 71578->71495 71578->71496 71579 7ff75642f37a fsetpos 71579->71578 71580->71578 71580->71579 71582 7ff756428b70 71581->71582 71583 7ff756428bbe malloc 71582->71583 71584 7ff756428bd3 71582->71584 71583->71584 71584->71543 71586 7ff75642ab0b 71585->71586 71587 7ff756421a42 free free 71586->71587 71588 7ff75642ab21 free 71586->71588 71587->71509 71588->71587 71589->71563 71590->71554 71591->71563 71592->71547 71593->71547 71595 7ff7564283b0 MultiByteToWideChar 71594->71595 71596 7ff756428373 71594->71596 71597 7ff756428438 71595->71597 71598 7ff7564283e5 calloc 71595->71598 71599 7ff75642837d MultiByteToWideChar 71596->71599 71609 7ff756422ef0 10 API calls 71597->71609 71598->71599 71601 7ff7564283fb 71598->71601 71600 7ff756428418 71599->71600 71605 7ff75642451e 71599->71605 71608 7ff756422ef0 10 API calls 71600->71608 71607 7ff756422ef0 10 API calls 71601->71607 71605->71569 71606 7ff756428410 71606->71605 71607->71606 71608->71605 71609->71605 71611 7ff75642f4ab 71610->71611 71612 7ff75642f482 71610->71612 71617 7ff7564315d5 fputc 71611->71617 71616 7ff7564315d5 fputc 71612->71616 71615 7ff75642320d 71615->71466 71616->71615 71617->71615 71618->71521 71630 7ff75642e210 71619->71630 71622 7ff756422680 4 API calls 71623 7ff756422b8b memset 71622->71623 71624 7ff756438428 71623->71624 71625 7ff756422bab 6 API calls 71624->71625 71626 7ff756422c2a 71625->71626 71627 7ff756422c24 DeleteObject 71625->71627 71628 7ff756422c37 DestroyIcon 71626->71628 71629 7ff756422c3d free free free 71626->71629 71627->71626 71628->71629 71629->71487 71631 7ff756422b32 GetModuleHandleW 71630->71631 71631->71622 71632 7ff7564210f6 71635 
7ff756421154 71632->71635 71636 7ff756421188 71635->71636 71637 7ff756421249 71636->71637 71638 7ff75642123d _amsg_exit 71636->71638 71639 7ff75642127e 71637->71639 71640 7ff756421256 _initterm 71637->71640 71638->71639 71641 7ff756421296 _initterm 71639->71641 71642 7ff7564212bc 71639->71642 71640->71639 71641->71642 71651 7ff7564215c4 71642->71651 71644 7ff756421415 71656 7ff75642cc50 71644->71656 71647 7ff756421469 71649 7ff756421117 71647->71649 71650 7ff756421473 _cexit 71647->71650 71648 7ff75642145c exit 71648->71647 71650->71649 71652 7ff7564215ea 71651->71652 71653 7ff756421699 71652->71653 71654 7ff756421605 71652->71654 71653->71644 71655 7ff756421624 malloc memcpy 71654->71655 71655->71652 71659 7ff756421810 71656->71659 71730 7ff7564282b0 71659->71730 71661 7ff756421833 71738 7ff7564222f0 calloc 71661->71738 71668 7ff756423cda 71706 7ff756423f83 71668->71706 71753 7ff756427100 71668->71753 71669 7ff7564262f0 free free free free 71669->71706 71672 7ff756423d27 71675 7ff756423e90 71672->71675 71676 7ff756423d33 71672->71676 71673 7ff75642412a fclose 71673->71706 71674 7ff7564221f0 41 API calls 71697 7ff756423d8e 71674->71697 71678 7ff7564271f0 12 API calls 71675->71678 71677 7ff756427100 15 API calls 71676->71677 71679 7ff756423d3f 71677->71679 71680 7ff756423e98 71678->71680 71681 7ff756423d78 71679->71681 71684 7ff756423d5b free 71679->71684 71685 7ff756424040 71679->71685 71682 7ff7564221f0 41 API calls 71680->71682 71761 7ff7564271f0 71681->71761 71687 7ff756423ea6 71682->71687 71683 7ff756428360 10 API calls 71683->71697 71689 7ff7564271f0 12 API calls 71684->71689 71693 7ff7564221f0 41 API calls 71685->71693 71687->71685 71691 7ff756423eae 71687->71691 71688 7ff756422e10 10 API calls 71688->71706 71689->71681 71690 7ff756423d80 71764 7ff7564221f0 71690->71764 71792 7ff756423660 10 API calls 71691->71792 71692 7ff756423dd0 SetDllDirectoryW 71775 7ff7564262b0 calloc 71692->71775 71704 7ff756423ec4 71693->71704 71697->71674 71697->71683 71697->71692 
71697->71706 71709 7ff756423e31 strcpy 71697->71709 71788 7ff7564262f0 free free free free 71697->71788 71789 7ff756423c60 fputc 71697->71789 71698 7ff756423f7e 71700 7ff7564262b0 12 API calls 71698->71700 71700->71706 71702 7ff7564244f0 11 API calls 71702->71704 71703 7ff756423df9 strcmp 71703->71697 71705 7ff756423e4a 71703->71705 71704->71673 71704->71698 71704->71702 71704->71706 71793 7ff756427e80 malloc 71704->71793 71802 7ff756423660 10 API calls 71704->71802 71779 7ff756423be0 71705->71779 71706->71669 71706->71673 71706->71688 71706->71697 71706->71703 71719 7ff756423ff2 71706->71719 71803 7ff756425e00 43 API calls 71706->71803 71804 7ff7564236c0 137 API calls 71706->71804 71805 7ff756427190 13 API calls 71706->71805 71810 7ff756426020 121 API calls 71706->71810 71811 7ff756426240 43 API calls 71706->71811 71812 7ff756426450 FreeLibrary 71706->71812 71814 7ff756426570 11 API calls 71706->71814 71709->71705 71712 7ff756423e5a 71790 7ff756426450 FreeLibrary 71712->71790 71716 7ff756423e6e 71791 7ff7564262f0 free free free free 71716->71791 71718 7ff75642144c 71718->71647 71718->71648 71806 7ff756427ae0 24 API calls 71719->71806 71721 7ff756424008 71807 7ff756426450 FreeLibrary 71721->71807 71723 7ff756424014 71808 7ff7564262f0 free free free free 71723->71808 71725 7ff75642401e 71726 7ff75642402b 71725->71726 71813 7ff7564275b0 30 API calls 71725->71813 71809 7ff756422330 free fclose 71726->71809 71729 7ff756424033 71729->71718 71731 7ff7564282ce 71730->71731 71732 7ff756428329 71731->71732 71735 7ff7564282da 71731->71735 71732->71661 71734 7ff756428301 71736 7ff756428310 free 71734->71736 71735->71732 71735->71734 71815 7ff756428190 13 API calls 71735->71815 71736->71736 71737 7ff756428321 free 71736->71737 71737->71732 71739 7ff756422308 71738->71739 71740 7ff75642230d 71738->71740 71739->71706 71742 7ff756424430 71739->71742 71816 7ff756422f90 11 API calls 71740->71816 71743 7ff75642e210 71742->71743 71744 7ff75642443c GetModuleFileNameW 71743->71744 
71745 7ff756424488 71744->71745 71746 7ff75642445c 71744->71746 71818 7ff756422ef0 10 API calls 71745->71818 71817 7ff756428190 13 API calls 71746->71817 71749 7ff75642447a 71749->71668 71750 7ff75642446d 71750->71749 71819 7ff756422e10 10 API calls 71750->71819 71752 7ff7564244ac 71752->71749 71754 7ff75642710b 71753->71754 71755 7ff756428360 10 API calls 71754->71755 71756 7ff756427120 GetEnvironmentVariableW 71755->71756 71757 7ff756427148 ExpandEnvironmentStringsW 71756->71757 71758 7ff756427136 71756->71758 71820 7ff756428190 13 API calls 71757->71820 71758->71672 71760 7ff75642716c 71760->71672 71760->71758 71762 7ff756428360 10 API calls 71761->71762 71763 7ff756427203 SetEnvironmentVariableW free 71762->71763 71763->71690 71821 7ff756421bc0 71764->71821 71767 7ff75642221f 71767->71697 71768 7ff756421bc0 fputc 71769 7ff75642224b 71768->71769 71769->71767 71824 7ff756424180 71769->71824 71774 7ff756422298 fclose 71774->71767 71776 7ff7564262cd 71775->71776 71778 7ff7564262c8 71775->71778 71891 7ff756422f90 11 API calls 71776->71891 71778->71697 71892 7ff756425310 71779->71892 71782 7ff756423c1b 71782->71712 71788->71703 71789->71697 71790->71716 71791->71718 71792->71704 71794 7ff756427f69 free 71793->71794 71795 7ff756427eaf 71793->71795 71794->71704 71796 7ff75642f2a0 2 API calls 71795->71796 71798 7ff756427ebf 71796->71798 71798->71794 72037 7ff75642f390 71798->72037 71800 7ff75642f2a0 2 API calls 71801 7ff756427ecf 71800->71801 71801->71794 71801->71800 71802->71704 71803->71706 71804->71706 71805->71706 71806->71721 71807->71723 71808->71725 71809->71729 71810->71706 71811->71706 71812->71706 71813->71726 71814->71706 71815->71735 71816->71739 71817->71750 71818->71749 71819->71752 71820->71760 71822 7ff75642f460 fputc 71821->71822 71823 7ff756421be4 71822->71823 71823->71767 71823->71768 71825 7ff75642418c 71824->71825 71861 7ff756424150 71825->71861 71828 7ff756422264 strcpy 71832 7ff756421fc0 71828->71832 71831 7ff756424150 fputc 71831->71828 71833 
7ff756422160 71832->71833 71834 7ff756421fd6 71832->71834 71836 7ff7564244f0 11 API calls 71833->71836 71835 7ff756427e80 5 API calls 71834->71835 71838 7ff75642214c 71834->71838 71837 7ff756422000 71835->71837 71836->71834 71837->71838 71839 7ff75642f2a0 2 API calls 71837->71839 71838->71767 71838->71774 71840 7ff756422019 71839->71840 71841 7ff756422021 fread 71840->71841 71842 7ff7564221c5 71840->71842 71844 7ff756422188 71841->71844 71845 7ff756422041 71841->71845 71889 7ff756422f90 11 API calls 71842->71889 71886 7ff756422f90 11 API calls 71844->71886 71847 7ff75642f2a0 2 API calls 71845->71847 71848 7ff75642208b malloc 71847->71848 71849 7ff7564220a7 fread 71848->71849 71850 7ff7564221da 71848->71850 71851 7ff7564221a2 71849->71851 71852 7ff7564220c1 ferror 71849->71852 71890 7ff756422f90 11 API calls 71850->71890 71887 7ff756422f90 11 API calls 71851->71887 71854 7ff7564221b7 71852->71854 71858 7ff7564220df 71852->71858 71888 7ff756422e10 10 API calls 71854->71888 71857 7ff756422133 71857->71838 71859 7ff756422140 fclose 71857->71859 71858->71857 71885 7ff756422e10 10 API calls 71858->71885 71859->71838 71862 7ff75642f460 fputc 71861->71862 71863 7ff756424174 71862->71863 71863->71828 71864 7ff75642e5c0 71863->71864 71865 7ff75642e5e4 71864->71865 71866 7ff75642e5ff setlocale 71865->71866 71867 7ff75642e5ef _strdup 71865->71867 71868 7ff75642e61e 71866->71868 71869 7ff75642ea4b wcstombs realloc wcstombs setlocale free 71866->71869 71867->71866 71868->71869 71870 7ff75642e62d mbstowcs 71868->71870 71871 7ff7564241c2 71869->71871 71872 7ff75642e210 71870->71872 71871->71831 71873 7ff75642e686 mbstowcs 71872->71873 71874 7ff75642e73b 71873->71874 71875 7ff75642e6d4 71873->71875 71876 7ff75642ea41 71874->71876 71878 7ff75642e76b 71874->71878 71875->71874 71877 7ff75642e715 setlocale free 71875->71877 71876->71869 71877->71871 71879 7ff75642e7ea wcstombs realloc wcstombs 71878->71879 71882 7ff75642e7ef wcstombs 71878->71882 71881 7ff75642ea1e setlocale free 
71879->71881 71881->71871 71882->71881 71884 7ff75642e975 71882->71884 71884->71881 71885->71858 71886->71838 71887->71838 71888->71838 71889->71838 71890->71838 71891->71778 71893 7ff75642531e 71892->71893 71968 7ff7564250a0 71893->71968 71896 7ff756425427 71993 7ff756422e10 10 API calls 71896->71993 71897 7ff756425350 71899 7ff756424220 4 API calls 71897->71899 71917 7ff75642535f 71897->71917 71902 7ff7564253c9 71899->71902 71901 7ff756423bed 71901->71782 71918 7ff756425690 71901->71918 71904 7ff7564253ce 71902->71904 71992 7ff756422e10 10 API calls 71902->71992 71903 7ff756425374 71905 7ff756425379 71903->71905 71991 7ff756422e10 10 API calls 71903->71991 71984 7ff756424350 71904->71984 71981 7ff756427a70 71905->71981 71910 7ff756425381 71912 7ff756425449 71910->71912 71913 7ff75642538d 71910->71913 71994 7ff756422ef0 10 API calls 71912->71994 71990 7ff756424550 65 API calls 71913->71990 71916 7ff756427a70 12 API calls 71916->71917 71971 7ff756424220 71917->71971 71919 7ff756427100 15 API calls 71918->71919 71920 7ff7564256a6 71919->71920 71921 7ff7564256c6 71920->71921 72025 7ff756422e80 10 API calls 71920->72025 71922 7ff756428360 10 API calls 71921->71922 71923 7ff756425712 71922->71923 71925 7ff7564258dc 71923->71925 71926 7ff75642571b 71923->71926 72029 7ff756422e10 10 API calls 71925->72029 71929 7ff756428360 10 API calls 71926->71929 71928 7ff756423c03 71928->71782 71957 7ff756425910 strlen 71928->71957 71930 7ff756425746 71929->71930 71931 7ff7564258f8 71930->71931 71932 7ff75642574f 71930->71932 72031 7ff756422e10 10 API calls 71931->72031 71934 7ff7564250a0 fputc 71932->71934 71935 7ff7564257bb 71934->71935 71936 7ff7564258b7 71935->71936 71937 7ff7564257c6 71935->71937 72027 7ff756422e10 10 API calls 71936->72027 71939 7ff756428360 10 API calls 71937->71939 71940 7ff7564257de 71939->71940 71941 7ff7564257e7 71940->71941 71942 7ff7564258ea 71940->71942 72008 7ff7564250f0 71941->72008 72030 7ff756422e10 10 API calls 71942->72030 71946 7ff75642580d 72024 
7ff756428460 13 API calls 71946->72024 71948 7ff75642582b 71949 7ff756425837 71948->71949 71950 7ff7564258ce 71948->71950 71953 7ff756425872 free 71949->71953 71954 7ff756425860 free 71949->71954 72028 7ff756422e10 10 API calls 71950->72028 71952 7ff7564258da 71952->71928 71955 7ff756425883 71953->71955 71954->71953 71954->71954 71955->71928 72026 7ff756422e10 10 API calls 71955->72026 71958 7ff75642594d 71957->71958 71959 7ff756425a39 71958->71959 71966 7ff756425959 71958->71966 72036 7ff756422e10 10 API calls 71959->72036 71961 7ff756423c0f 71961->71782 71967 7ff756425b20 11 API calls 71961->71967 71963 7ff756421c30 31 API calls 71963->71966 71965 7ff756425a01 free 71965->71966 71966->71961 71966->71963 71966->71965 72034 7ff756421bf0 10 API calls 71966->72034 72035 7ff756422e10 10 API calls 71966->72035 71967->71782 71969 7ff75642f460 fputc 71968->71969 71970 7ff7564250b8 71969->71970 71970->71896 71970->71897 71972 7ff756424150 fputc 71971->71972 71973 7ff756424241 71972->71973 71974 7ff7564242b8 71973->71974 71975 7ff756424264 strlen 71973->71975 71974->71903 71975->71974 71976 7ff756424279 71975->71976 71977 7ff756424289 strncat 71976->71977 71978 7ff7564242a0 71976->71978 71979 7ff75642428e 71977->71979 71980 7ff7564242a5 strlen 71978->71980 71979->71903 71980->71979 71982 7ff756428360 10 API calls 71981->71982 71983 7ff756427a83 LoadLibraryExW free 71982->71983 71983->71910 71985 7ff75642435b 71984->71985 71986 7ff756428360 10 API calls 71985->71986 71987 7ff756424374 71986->71987 71995 7ff75642f19b 71987->71995 71990->71901 71991->71905 71992->71904 71993->71901 71994->71901 72002 7ff75642efb0 71995->72002 71997 7ff75642f1b7 71998 7ff75642f1d8 free 71997->71998 71999 7ff75642f1e4 71997->71999 71998->71999 72000 7ff75642f1ea memset 71999->72000 72001 7ff756424381 71999->72001 72000->72001 72001->71916 72001->71917 72003 7ff75642efcf 72002->72003 72007 7ff75642f011 72002->72007 72004 7ff75642efdf wcslen 72003->72004 72003->72007 72005 7ff75642eff4 
72004->72005 72004->72007 72006 7ff75642f146 malloc memcpy 72005->72006 72005->72007 72006->72007 72007->71997 72012 7ff756425104 72008->72012 72009 7ff75642521d 72009->71946 72010 7ff7564251a2 strncmp 72010->72012 72012->72009 72012->72010 72013 7ff7564251ca mbstowcs 72012->72013 72015 7ff756425218 72012->72015 72032 7ff756421bf0 10 API calls 72012->72032 72013->72012 72014 7ff7564252f6 72013->72014 72033 7ff756422e10 10 API calls 72014->72033 72015->72009 72017 7ff75642526b _setmode 72015->72017 72018 7ff756425282 _fileno _setmode 72017->72018 72019 7ff75642529a fflush 72018->72019 72020 7ff7564252a9 fflush 72019->72020 72021 7ff7564252b5 72020->72021 72022 7ff7564252c6 setbuf 72021->72022 72023 7ff7564252d7 setbuf 72022->72023 72023->72009 72024->71948 72025->71921 72026->71928 72027->71928 72028->71952 72029->71928 72030->71928 72031->71928 72032->72012 72033->72009 72034->71966 72035->71966 72036->71961 72040 7ff75642f3b0 fgetpos 72037->72040 72041 7ff75642f3a8 72040->72041 72041->71801
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON39 ref: 61B065A1
                                                                                                                                                                                                                              • PyTuple_GetItem.PYTHON39 ref: 61B065BB
                                                                                                                                                                                                                              • PyLong_AsLong.PYTHON39 ref: 61B065D0
                                                                                                                                                                                                                              • PyTuple_GetItem.PYTHON39 ref: 61B065E0
                                                                                                                                                                                                                              • PyLong_AsLong.PYTHON39 ref: 61B065EE
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON39 ref: 61B065FD
                                                                                                                                                                                                                              • PyLong_AsVoidPtr.PYTHON39 ref: 61B06609
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61B0662E
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61B0664C
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61B0666A
                                                                                                                                                                                                                              • PyModule_Create2.PYTHON39 ref: 61B06694
                                                                                                                                                                                                                              • PyModule_GetName.PYTHON39 ref: 61B066A9
                                                                                                                                                                                                                              • strrchr.MSVCRT ref: 61B066CE
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B066E4
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61B066FE
                                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON39 ref: 61B06751
                                                                                                                                                                                                                              • PyBytes_AsString.PYTHON39 ref: 61B0676B
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B0677F
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON39 ref: 61B067CD
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON39 ref: 61B06813
                                                                                                                                                                                                                              • PyCMethod_New.PYTHON39 ref: 61B06859
                                                                                                                                                                                                                              • PyBytes_FromStringAndSize.PYTHON39 ref: 61B06883
                                                                                                                                                                                                                              • PyBytes_AsString.PYTHON39 ref: 61B06899
                                                                                                                                                                                                                              • _time64.MSVCRT ref: 61B06976
                                                                                                                                                                                                                              • srand.MSVCRT ref: 61B0697E
                                                                                                                                                                                                                              • strstr.MSVCRT ref: 61B06B25
                                                                                                                                                                                                                              • strncmp.MSVCRT ref: 61B06B61
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B06BD4
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B06C0A
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B06C19
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B06C3A
                                                                                                                                                                                                                              • free.MSVCRT ref: 61B06CA4
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B06CB0
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61B06CD3
                                                                                                                                                                                                                              • free.MSVCRT ref: 61B06D02
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B06D0E
                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 61B06D31
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B07378
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1DFF3
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E010
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E032
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E052
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E072
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E092
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E0B2
                                                                                                                                                                                                                                • Part of subcall function 61B1DFC0: memcmp.MSVCRT ref: 61B1E0D2
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DD63
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DD83
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DDA5
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DDC5
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DDE5
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DE05
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DE25
                                                                                                                                                                                                                                • Part of subcall function 61B1DD30: memcmp.MSVCRT ref: 61B1DE45
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D78B
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D7B5
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D7D4
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D7F3
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D812
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D82D
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D848
                                                                                                                                                                                                                                • Part of subcall function 61B1D760: strcmp.MSVCRT ref: 61B1D863
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DA2B
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DA4F
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DA6B
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DA8A
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DAA9
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DAC4
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DADF
                                                                                                                                                                                                                                • Part of subcall function 61B1DA00: strcmp.MSVCRT ref: 61B1DAFA
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D8DB
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D905
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D924
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D943
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D962
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D97D
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D998
                                                                                                                                                                                                                                • Part of subcall function 61B1D8B0: strcmp.MSVCRT ref: 61B1D9B3
                                                                                                                                                                                                                              • PyBytes_AsStringAndSize.PYTHON39 ref: 61B06EA8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.3239603617.0000000061B00000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239745517.0000000061B82000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239780089.0000000061B86000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239809116.0000000061B87000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239863189.0000000061B9F000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239903012.0000000061BA2000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239936454.0000000061BA4000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239958317.0000000061BA8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp$memcmp$Bytes_Stringmalloc$AddressLong_Method_ProcSizememcpy$DeallocErr_FormatFromItemLongModule_ObjectSys_Tuple_free$Create2NameVoid_time64srandstrncmpstrrchrstrstr
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$,*$.pyarmor.ikey$000000$C_ASSERT_ARMORED_INDEX$C_ENTER_CO_OBJECT_INDEX$C_LEAVE_CO_OBJECT_INDEX$PyCell_Get$PyCell_New$PyCell_Set$aes$dllhandle$pyarmor_runtime_$sha256$sprng$version_info
                                                                                                                                                                                                                              • API String ID: 3695841847-3717260241
                                                                                                                                                                                                                              • Opcode ID: 289e304bae9adacb830d7a96b8ae486b698539175f81ea9c2378decee6581d9c
                                                                                                                                                                                                                              • Instruction ID: 84604c504234c481ca621dd974710dd481e7a9b975f0e3c57ae1fff3cc538e96
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 289e304bae9adacb830d7a96b8ae486b698539175f81ea9c2378decee6581d9c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7582F272705BC482EB09CB65E45039E7FA2FB8AB86F89D116CA8E4B754DF79C456C300

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000001.00000002.3243111017.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243165970.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243188530.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243210648.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756445000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF75644B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243296854.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243317539.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MessageSend$Create$Window$BaseClientDialogFontIconIndirectInfoLoadMetricParametersRectSystemUnits
                                                                                                                                                                                                                              • String ID: $BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                              • API String ID: 3223904152-1365983254
                                                                                                                                                                                                                              • Opcode ID: 44230c5549678586c376b2ef53c252f9aa80533ad4b521eb5059e48c1012b8cc
                                                                                                                                                                                                                              • Instruction ID: 6f09ad8fac8cbfa0f28572833ff19d22212126f62ce3c6770eaf20c1bbe98a88
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44230c5549678586c376b2ef53c252f9aa80533ad4b521eb5059e48c1012b8cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C591BE36214B9482E7509F61E85479BB761F788BC8F64413ADE8C0BB98CF7EC585CB50

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _initterm$_amsg_exit_cexitexit
                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                              • API String ID: 602970348-4108050209
                                                                                                                                                                                                                              • Opcode ID: 48a45a2dfa001bc1c4f29a48986b399cd1a9cddb3affad530eacaa3c2eafcdcf
                                                                                                                                                                                                                              • Instruction ID: c3f6ba7dfb9a2f563c1f9c12026e11fc8ac698319d49d17b6bcaa1f7244ce968
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48a45a2dfa001bc1c4f29a48986b399cd1a9cddb3affad530eacaa3c2eafcdcf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20A1C425F08B0689FB50AB55EC813BEA3A1BB44B89F984035DE4C977A4DF3DE650C760

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetFrame.PYTHON39 ref: 61B054E2
                                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON39 ref: 61B054FF
                                                                                                                                                                                                                              • Py_DecRef.PYTHON39 ref: 61B05513
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON39 ref: 61B05924
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON39 ref: 61B05958
                                                                                                                                                                                                                              • PyDict_GetItem.PYTHON39 ref: 61B05966
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON39 ref: 61B05977
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON39 ref: 61B0598A
                                                                                                                                                                                                                              • PyImport_ExecCodeModuleObject.PYTHON39 ref: 61B059AD
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B059B6
                                                                                                                                                                                                                                • Part of subcall function 61B0FDB0: VirtualAlloc.KERNEL32 ref: 61B0FE09
                                                                                                                                                                                                                                • Part of subcall function 61B0FDB0: memcpy.MSVCRT ref: 61B0FE2C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Import_ItemModuleUnicode_$AllocCodeErr_Eval_ExecFormatFrameFromModule_ObjectOccurredStringVirtualmemcpy
                                                                                                                                                                                                                              • String ID: $%s (%d:%d)$<frozen %U>$__main__$__mp_main__$__spec__
                                                                                                                                                                                                                              • API String ID: 3240200909-2782528897
                                                                                                                                                                                                                              • Opcode ID: 79e49e1a0f4c5f7ace8e3163572a6b7eb7de387039fefbf6590618699c62d7c0
                                                                                                                                                                                                                              • Instruction ID: ebadcfa80f74b7d86e44f9625594442545cb8e30a9c1c4f716885080fdcf8e34
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79e49e1a0f4c5f7ace8e3163572a6b7eb7de387039fefbf6590618699c62d7c0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BD16B32606AC08AFE198FA6E8903AD7B61EB85F96F0C9515CE5D47B64DF29C095C310

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243111017.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243165970.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243188530.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243210648.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF756445000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF75644B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243296854.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243317539.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: %s%c%s.py$Absolute path to script exceeds PATH_MAX$Could not get __main__ module's dict.$Could not get __main__ module.$Failed to unmarshal code object for %s$Traceback is disabled via bootloader option.$\$__file__$__main__$_pyi_main_co$format_exception$pyi-disable-windowed-traceback$traceback
                                                                                                                                                                                                                              • API String ID: 1294909896-4198433784
                                                                                                                                                                                                                              • Opcode ID: fe304192d01254125df0be07ea9e7b8952a4c3b9a6e73080f8d21f8ca7a7d36e
                                                                                                                                                                                                                              • Instruction ID: df694204dc3e25ff5a9559092111b5e44e035d4c0e622783c5e1e7347a791aa4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe304192d01254125df0be07ea9e7b8952a4c3b9a6e73080f8d21f8ca7a7d36e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92B12C25B09A4A85EA41BB16EC5427AA361BF86FC1FD84032DD4E077B5EE3CE645D320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$EnvironmentVariable
                                                                                                                                                                                                                              • String ID: %s%c%s%c%s%c%s%c%s$;$;$C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone$C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522$Error detected starting Python VM.$Failed to convert argv to wchar_t$Failed to convert progname to wchar_t$Failed to convert pyhome to wchar_t$Failed to convert pypath to wchar_t$Invalid value for PYTHONUTF8=%s; disabling utf-8 mode!$PYTHONUTF8$\$\$base_library.zip$lib-dynload$sys.path (based on %s) exceeds buffer[%d] space
                                                                                                                                                                                                                              • API String ID: 471908985-877974146
                                                                                                                                                                                                                              • Opcode ID: ab8ff1ee608934c2458311926439b3dce4ad8e45f92b96bdcc2ee15e96f5623a
                                                                                                                                                                                                                              • Instruction ID: fab9024fa5497dc4109cc9ef84bf25bfbc5413f57841228a5465dcc18a5e28ac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab8ff1ee608934c2458311926439b3dce4ad8e45f92b96bdcc2ee15e96f5623a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7617D21E19A4A85FA15BB11EC5027BA362BF54B84FDC4032D90E177A1CF2EE755C720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc$ferrorfree$freadfwrite
                                                                                                                                                                                                                              • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$_MEIPASS2$malloc
                                                                                                                                                                                                                              • API String ID: 1635854594-2784975069
                                                                                                                                                                                                                              • Opcode ID: ab90151ca6e3ccc0bb6d8bf7546c08961e7dfadb3655b8daa27513bc3c6a8ece
                                                                                                                                                                                                                              • Instruction ID: ec6cfa7f1847b110d8fb15979342396b67fcc964f6c6722d7f8c46ba4de3ba9b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ab90151ca6e3ccc0bb6d8bf7546c08961e7dfadb3655b8daa27513bc3c6a8ece
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3481B122B0CA8585E760AB11AC403AFE2A2EB557D4FA84131DF8D437D5EF7DE685C710

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$free$mbstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 918573998-0
                                                                                                                                                                                                                              • Opcode ID: 4f3644d43bcff6d60e344e15b145b14c877b8218c65d81bf6433366fb5c615b1
                                                                                                                                                                                                                              • Instruction ID: db5125e36322cdfa287046d2c3342de524fa4f952155542650ef9d0954d311ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f3644d43bcff6d60e344e15b145b14c877b8218c65d81bf6433366fb5c615b1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FF16066F04B19C8EB40AB66C8402BE77B1FB44B88F988436DE4D17799EF39D591C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freadmalloc$fcloseferrorfree
                                                                                                                                                                                                                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 1320676746-1463511288
                                                                                                                                                                                                                              • Opcode ID: 4e2c904d344da87fd39781536d79ff69eab24c389df44a32d6747fbc6802edb0
                                                                                                                                                                                                                              • Instruction ID: 0aa77a9d8b13c0d9fdf93004cff6408e5beda5ca2f6a18aa8f2ef86d0556f1c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e2c904d344da87fd39781536d79ff69eab24c389df44a32d6747fbc6802edb0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F519F71B0960697EA24EB15DD4057BA7A2BF48784F988035DB0C43B95DF3EE6A08720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosefreadfreemalloc
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                              • API String ID: 3295367466-3659356012
                                                                                                                                                                                                                              • Opcode ID: 17fdcdd1a3fc37e4209a42b24c15de99c4d73d13f7e97aad680c5112d30bb94d
                                                                                                                                                                                                                              • Instruction ID: 11f6c4ad33155e39f9bcd5aac7a1325b7f5d318a7d8844d7e310150ccb03e704
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17fdcdd1a3fc37e4209a42b24c15de99c4d73d13f7e97aad680c5112d30bb94d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E31DF22B0A55695FE55BB129C506BB9312AF10BD8FEC4032DE0D07A85EF3EE785C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$_wcsdup$DeleteDestroyDialogHandleIconIndirectModuleObjectParammemset
                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                              • API String ID: 2803985813-2699770090
                                                                                                                                                                                                                              • Opcode ID: 64bc39c5d433a48c8e5171e958ce367fe8d226f9999c7e71dbde2405df755cf4
                                                                                                                                                                                                                              • Instruction ID: 4bc556b64d53d128f31675dc2ff39da1d44cf19ad7dfa1e9204c124a20766964
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 64bc39c5d433a48c8e5171e958ce367fe8d226f9999c7e71dbde2405df755cf4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97218F32B0D68686EA61AB61BC546FBE361AB95B80FC80135EE4E47B45DE3CD245C720

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$EnvironmentVariable$DirectoryFileModuleNamecallocstrcmpstrcpy
                                                                                                                                                                                                                              • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                              • API String ID: 4056350997-3096095006
                                                                                                                                                                                                                              • Opcode ID: 163837490334664458a1b5cb4a4c48bfa70e005831aa784c70697f90c507403a
                                                                                                                                                                                                                              • Instruction ID: 107b25bdae6c66ca5c1d129a16ecde2d52da695fb57b9960c3cdddc461e04623
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 163837490334664458a1b5cb4a4c48bfa70e005831aa784c70697f90c507403a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9C1A421A0C64241EA21BB21DC111BBE766AF55BC0FEC4131ED4E477D6DE3EE7858760

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                              • Opcode ID: a839c26ad41a32b312ea40c23277b97f641906523e6e9437f4bb55947a152f4a
                                                                                                                                                                                                                              • Instruction ID: cedd612918f0791cfeda6a8b44b17382b459d1b5e826e5996d01d2d3650e647a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a839c26ad41a32b312ea40c23277b97f641906523e6e9437f4bb55947a152f4a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C41DC76214AA186D7208F35E40877AB7A1F788F99F488231EE4947B5CDB3CD145CB20

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freestrlen
                                                                                                                                                                                                                              • String ID: Failed to get _MEIPASS as PyObject.$Module object for %s is NULL!$_MEIPASS$_MEIPASS2$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 322734593-568040347
                                                                                                                                                                                                                              • Opcode ID: 5e77ee1889ef98b1a436d96c61f45840be41fbbdfb4473148f5ed7d6f50592e4
                                                                                                                                                                                                                              • Instruction ID: 6a6ca7be4c288e0957a2eeefe615593aec62d80b61dc47d593016b27a5b47032
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e77ee1889ef98b1a436d96c61f45840be41fbbdfb4473148f5ed7d6f50592e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3316122B18A4A81EA54BB22EC4517BE362BF55BD0FDC4432DD0E477A5DE3CE645C320

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DialogLongWindow$InvalidateRect
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1200242243-0
                                                                                                                                                                                                                              • Opcode ID: 8d1a1ef33b5918aab71f8057aab11e969dfa1f6eed953f59965c6464f5913edc
                                                                                                                                                                                                                              • Instruction ID: 37987f8d7f14ad9a1decfada38f6e13283ac7f177bc82a38689025f033598544
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d1a1ef33b5918aab71f8057aab11e969dfa1f6eed953f59965c6464f5913edc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF019221E0D02743FB7877666D452BFE296EF98751FEC9431CD0E45F888C3E6A825221
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to obtain/convert traceback!
                                                                                                                                                                                                                              • API String ID: 3219091393-982972847
                                                                                                                                                                                                                              • Opcode ID: a6cacc13f3b657632dcd8ceb073aaa7f338d2e93dbcb730e3135e9d3a00378a8
                                                                                                                                                                                                                              • Instruction ID: 6919871a8699b60622643ef0ea056178b9d1af77ad9cac7e3f9aae95527decc5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6cacc13f3b657632dcd8ceb073aaa7f338d2e93dbcb730e3135e9d3a00378a8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1018401B0A2660AFDB975671D225BFC0461F05FD0DEC4434ED0E5BF82EC2EE6414360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3061335427-3944641314
                                                                                                                                                                                                                              • Opcode ID: 664f599587c28afe2d96137961ffcdcee748f09dbcc7a1ab0a2c2cf989628d6e
                                                                                                                                                                                                                              • Instruction ID: e5ec16ee1829e522e37a96411d739f1bb4cad514cda05919f8aa653df9efc284
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 664f599587c28afe2d96137961ffcdcee748f09dbcc7a1ab0a2c2cf989628d6e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B21CF12B0C15241FE50BA129D047BBD6576F45BC8FED0431EE0D0BB96EE3EEA42C220
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: calloc
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for SPLASH_STATUS.$calloc
                                                                                                                                                                                                                              • API String ID: 2635317215-799113134
                                                                                                                                                                                                                              • Opcode ID: 14a32cd857dbd92defe4032d862b57eb2578cba3fc4f595bda8e0d1e37d21c2a
                                                                                                                                                                                                                              • Instruction ID: dd1c10921128daa3421269f8ce70b8a04720951501f15b1df472871224103e11
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14a32cd857dbd92defe4032d862b57eb2578cba3fc4f595bda8e0d1e37d21c2a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52E0EC55F0860A81EA24770098411BBA752DF94384FED4439D90C067A5DD3DE7958774
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3061335427-0
                                                                                                                                                                                                                              • Opcode ID: 6864a761944ec2654b58eae12ae0b32c8dbe35088e837abbc3cabeeea62e08e4
                                                                                                                                                                                                                              • Instruction ID: e29fd595ec22c04d58df4b5a394b2553390d481aba7cbccd44fd6bd3089dbfe8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6864a761944ec2654b58eae12ae0b32c8dbe35088e837abbc3cabeeea62e08e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C31B421F1E6824AEF58CB46B4609399360EF8EBD0F480535EE6D57BDDDE2CE8818700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fsetpos
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 850078086-0
                                                                                                                                                                                                                              • Opcode ID: 95a1f5fe9a5fe2a7bfad161a45af88282180bbd6d4cb238cd0f8543df206dc4d
                                                                                                                                                                                                                              • Instruction ID: 6dc0603f1b0e48ab199095cff567d017997c988efcd5cbb94f89ea8b75353811
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a1f5fe9a5fe2a7bfad161a45af88282180bbd6d4cb238cd0f8543df206dc4d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02116F72B04B4699EF50AF248C010AE73A5BB047D8FD40A34EA1D07B99DF39D2508660
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosestrcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3396940900-0
                                                                                                                                                                                                                              • Opcode ID: 6cc95683693a3dbb550295e2a6fd08cfbe8d6d64ada2c0a8bf92653e50a8f922
                                                                                                                                                                                                                              • Instruction ID: 0f7f25681d1eee72fab4f0bc496a874a5912d5ae7d797ab5f590e117a845395e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cc95683693a3dbb550295e2a6fd08cfbe8d6d64ada2c0a8bf92653e50a8f922
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A11E561B1868241FB60BA71ED103FB92928F54BD4FAC8132DD0C877CADE2ED6858330
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32 ref: 00007FF756427A91
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF756427A9D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWidefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3231889924-0
                                                                                                                                                                                                                              • Opcode ID: 15be6fba2ca5259f10a7a943859ec523c2230b9505e92fe9fec49e481c93da1f
                                                                                                                                                                                                                              • Instruction ID: cddec723fcb4c2ff0a624acf5fed6faadecdf1bf3dc0770b76cdc6ca23e06d57
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15be6fba2ca5259f10a7a943859ec523c2230b9505e92fe9fec49e481c93da1f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FFD05E01F2A17A05FED8B27B2C1A6AB81816F99FC0DDC9034DC0E4BB45EC3D96864710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freememsetwcslen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2332356550-0
                                                                                                                                                                                                                              • Opcode ID: 7e8736918b8d96a05a897c247fde8f7ba40cff4cbd07d239d323cc5040ca274f
                                                                                                                                                                                                                              • Instruction ID: 36a510c692ff4fa0b2f5d6a9c649f26d6931365fca009a7fca3c4cbe2612b3bd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e8736918b8d96a05a897c247fde8f7ba40cff4cbd07d239d323cc5040ca274f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D731D966B00B1489DB10DF76D48109D7BB1FB58BA8B548526EE1C53B68EB34C591C7A0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • _wfopen.MSVCRT ref: 00007FF756424535
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_wfopen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 372205238-0
                                                                                                                                                                                                                              • Opcode ID: 23ef8f33a25aac41143890430be6b00d3d12b7085065af13003f8baabe36ac29
                                                                                                                                                                                                                              • Instruction ID: d9d799acbba621591183e005fca8bcb32f40c2d24a6c81bb0f074081e5f854f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23ef8f33a25aac41143890430be6b00d3d12b7085065af13003f8baabe36ac29
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AE09A91B0822105E9247216AE157EEC252AF4AFC0E988031EE0E2BB8A8D2ED3478715
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2803490479-0
                                                                                                                                                                                                                              • Opcode ID: cfa0da2336491b7a88924ea460807e7c19be704343887749ee5261d5bae8cc1d
                                                                                                                                                                                                                              • Instruction ID: 2d89e31c7fce57fe78573331ec0fbbe0a1ebd445aea707b20a3b394d2f943465
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfa0da2336491b7a88924ea460807e7c19be704343887749ee5261d5bae8cc1d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6121B671A0AB4249FBA46B169C5033EA592EB84F94FBC4234CD1E477D4DF3ADA868350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: 73f3d0bde6a3b300e56a429bb104bd2219b5537dc97b66603f9572d233ab368e
                                                                                                                                                                                                                              • Instruction ID: af3b35e95600463460eb99ae5e1e3e7d92ff28391e4b2d4b953e2a6356a0cb3e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73f3d0bde6a3b300e56a429bb104bd2219b5537dc97b66603f9572d233ab368e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49F03062A05A1586DB50AB3ADC5436E67A2EB4CFF8F691231CE0D47394EE26CCD1C390
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocComputerFreeNamemallocstrlen
                                                                                                                                                                                                                              • String ID: 01234567$89abcdef$:[sc$Characteristics$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                                                                                                                                                              • API String ID: 1478035857-3618987999
                                                                                                                                                                                                                              • Opcode ID: 8f720287727ff0ed35be33faaf2c348abf14f605d4bad4cd11159206e5992a71
                                                                                                                                                                                                                              • Instruction ID: de7027cfbb284c6e82c79fdb6e8b99db46de27ffdb12eee11c97e49f1a96c85a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f720287727ff0ed35be33faaf2c348abf14f605d4bad4cd11159206e5992a71
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF19F7231D7C186EB68CB56B44579FBBA1F78AB88F858125DE8947B58DB39C004CB04
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61B0B4FD
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61B0AF99
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$AppendList_OccurredString
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (index list too large)
                                                                                                                                                                                                                              • API String ID: 2605687773-1134984
                                                                                                                                                                                                                              • Opcode ID: 2ff74ffaaa3109acb662564c9e457142be93fc4a471d016a619025ae56815b61
                                                                                                                                                                                                                              • Instruction ID: 1b8924fd6f9bbb93d3502d1499bd2ecf3e3871c00957e8a4b7707688f96bbb62
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ff74ffaaa3109acb662564c9e457142be93fc4a471d016a619025ae56815b61
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3612893620ABC085EB68CF66E65476E7BA1FB89B86F09C515CA9D47B14EF3DC054CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Deallocfreemallocmemcpystrcmp
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$N+
                                                                                                                                                                                                                              • API String ID: 2421945241-2748867177
                                                                                                                                                                                                                              • Opcode ID: 3d65cbd4ff520d4925a45f49f8c6872102b05f9c5e2c530eb443dcee6d6eece2
                                                                                                                                                                                                                              • Instruction ID: b4176ce6f923eafb541a0c6e27ff60efbb78fe6b2e3ee79d851f7a8cb9d21d2a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d65cbd4ff520d4925a45f49f8c6872102b05f9c5e2c530eb443dcee6d6eece2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EF1F2723057C08AEB18CF6AD4907993F61EB86B9AF4CC212DEA9477A4EF39C151C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetGlobals.PYTHON39 ref: 61B02CE4
                                                                                                                                                                                                                              • PyFunction_NewWithQualName.PYTHON39 ref: 61B02CF3
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON39 ref: 61B02D2F
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B02D71
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B02E4A
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 61B02E6A
                                                                                                                                                                                                                              • strlen.MSVCRT ref: 61B02E82
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B03147
                                                                                                                                                                                                                                • Part of subcall function 61B0EED0: PyList_New.PYTHON39 ref: 61B0EF0A
                                                                                                                                                                                                                                • Part of subcall function 61B0EED0: PyMem_Free.PYTHON39 ref: 61B0EF43
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B02F99
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B02FAD
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B02FD9
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03003
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03013
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Err_FormatFunction_$AddressCallEval_FreeGlobalsList_Mem_NameObject_ProcQualSizeWithstrlen
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$/proc/se$lf/exe$z(
                                                                                                                                                                                                                              • API String ID: 4028440157-3850701646
                                                                                                                                                                                                                              • Opcode ID: bed7de334c0de10eff25a010d8375615e4b19e66e45ebd119d35cc51c019af13
                                                                                                                                                                                                                              • Instruction ID: e9aa4ab0e6142efa7cb71c2824d82dde0b1f7256a69adb171f0f53a5a375edbb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bed7de334c0de10eff25a010d8375615e4b19e66e45ebd119d35cc51c019af13
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12B1AC75345BC099EE08CB6AD8887993B62FB8AB86F4CC212DD6A077A4DF3DC545C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61B1255C
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61B12590
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61B125AA
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61B12624
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61B1263A
                                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 61B12677
                                                                                                                                                                                                                              • CreateFileA.KERNEL32 ref: 61B126A4
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61B126C5
                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 61B126D4
                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32 ref: 61B1271C
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61B12735
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61B1273A
                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 61B12744
                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 61B12766
                                                                                                                                                                                                                                • Part of subcall function 61B121C0: GetLastError.KERNEL32 ref: 61B121C4
                                                                                                                                                                                                                                • Part of subcall function 61B121C0: FormatMessageA.KERNEL32 ref: 61B121F5
                                                                                                                                                                                                                                • Part of subcall function 61B121C0: LocalFree.KERNEL32 ref: 61B12216
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239603617.0000000061B00000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239745517.0000000061B82000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239780089.0000000061B86000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239809116.0000000061B87000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239863189.0000000061B9F000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239903012.0000000061BA2000.00000004.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239936454.0000000061BA4000.00000008.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3239958317.0000000061BA8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d
                                                                                                                                                                                                                              • API String ID: 1119308327-3953537554
                                                                                                                                                                                                                              • Opcode ID: 5b17c74b17d38fb938e407edcc6ee88065ad89517446ebb4fbba6c1e05880cd7
                                                                                                                                                                                                                              • Instruction ID: b05161d996357b32b711da918bc7a9396a0abe904625d1cc01cb5929fc209b13
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b17c74b17d38fb938e407edcc6ee88065ad89517446ebb4fbba6c1e05880cd7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9851DE31304A8186E754DF62F81478A7B65FB89BE8F5882259E5907BE8CF3DC546C700
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$Cleanup$closesocketntohlsetsockopt$Startupgethostbynamehtonsrecvfromsendtosocket
                                                                                                                                                                                                                              • String ID: and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 1750001962-2642771825
                                                                                                                                                                                                                              • Opcode ID: 975d619f051ddf8b3ed86d81fce4f049be857e955345c35d44425d69aaca0921
                                                                                                                                                                                                                              • Instruction ID: 34e7937e1197c008907873c686fd60fb79545205405b4b1071e8ac132826655c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 975d619f051ddf8b3ed86d81fce4f049be857e955345c35d44425d69aaca0921
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0451843120978086E714CB65F85435AB7A2FB89BB4F184325DAA947BE8EF7DC4458B00
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (long size out of range), xrefs: 61B0AEB3
                                                                                                                                                                                                                              • bad marshal data (unnormalized long data), xrefs: 61B0AF78
                                                                                                                                                                                                                              • bad marshal data (digit out of range in long), xrefs: 61B0ADB3
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Occurred$Long_String$Dealloc
                                                                                                                                                                                                                              • String ID: bad marshal data (digit out of range in long)$bad marshal data (long size out of range)$bad marshal data (unnormalized long data)
                                                                                                                                                                                                                              • API String ID: 3848820501-2912230410
                                                                                                                                                                                                                              • Opcode ID: 6d20ad8110112b538d0e355b395b7314ade5b59fd9d8ad14f655acca4bf87ef2
                                                                                                                                                                                                                              • Instruction ID: 9d8e953c3b4a0ce7eaeb63e0dcd818bcca117d628943743931f252e49170c024
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d20ad8110112b538d0e355b395b7314ade5b59fd9d8ad14f655acca4bf87ef2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47618C72305790C6EA08CF75C59876A3F66EB85BC6F0ADA10C91A47360DF39D68AC740
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • exceptions must derive from BaseException, xrefs: 61B10EC1
                                                                                                                                                                                                                              • calling %R should have returned an instance of BaseException, not %R, xrefs: 61B1114A
                                                                                                                                                                                                                              • exception causes must derive from BaseException, xrefs: 61B10F2A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: calling %R should have returned an instance of BaseException, not %R$exception causes must derive from BaseException$exceptions must derive from BaseException
                                                                                                                                                                                                                              • API String ID: 1450464846-2865718950
                                                                                                                                                                                                                              • Opcode ID: ad272a911e7e4528ca935fcff7e8dfe98a5fd1ad182257ee4761b9d98b57f719
                                                                                                                                                                                                                              • Instruction ID: bb7eebae6e49a4a623144786d2e6758f6096af6ce61fb7a5d05445ef827b5350
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad272a911e7e4528ca935fcff7e8dfe98a5fd1ad182257ee4761b9d98b57f719
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F616E32749B8485EB499FABE95679A7B72EB45FD4F0D9021CE4947B28DF39C0A4C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format$malloc
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 1817594650-1595188566
                                                                                                                                                                                                                              • Opcode ID: e363def59d826e25a3e1e7cf38c546dd7c69c3062e7385aa17520cea48bffd81
                                                                                                                                                                                                                              • Instruction ID: 4f0fa2de0aeda26b5d99cfcc49583a3908c58b72c3d154655b1c233190489f5e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e363def59d826e25a3e1e7cf38c546dd7c69c3062e7385aa17520cea48bffd81
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E502AFB6305BC091FE1D8B6AD490369BF61FB85B8AF48D516CEAE0B750EFA9C151C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                                                              • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                                                              • API String ID: 2355516209-72258043
                                                                                                                                                                                                                              • Opcode ID: 138a37aa47c4eebccc933dcb420f92820b2d45095d1330d7c6b91dd5adf89a13
                                                                                                                                                                                                                              • Instruction ID: bbee433569a191344646c1b19a17a6fe106ac86c60d2637878a45137ad0f1ae5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 138a37aa47c4eebccc933dcb420f92820b2d45095d1330d7c6b91dd5adf89a13
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F51E37221C7C085E714CB76A85135BBBA2FBC7798F188165EEA587B98DB7DC148CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                                                              • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                                                              • API String ID: 2525729555-3762154145
                                                                                                                                                                                                                              • Opcode ID: 701e089c1efad32a230531345ef9deefb4e29cdba6629cc784efd8d7e7d07015
                                                                                                                                                                                                                              • Instruction ID: 0c9fc7a70b65e1610f1432fb2f4371946274e521a0d37ccd7f3ded8e9e155fae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 701e089c1efad32a230531345ef9deefb4e29cdba6629cc784efd8d7e7d07015
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A31D832708A8081FB54CBABB84436A7A65F789BD4F499021DE4D83A64EF7AC446C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                                                              • API String ID: 2184640988-1666712896
                                                                                                                                                                                                                              • Opcode ID: 17414fb3dbadd164f9036994a62f8e8a7c38cf9ca0ef5b7dd5b31d780b298b5d
                                                                                                                                                                                                                              • Instruction ID: 89f69dc83539fa0b3fe94be1f622959a428537deb347bf2fa3195099ea61031d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17414fb3dbadd164f9036994a62f8e8a7c38cf9ca0ef5b7dd5b31d780b298b5d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6861D423B0A78396EB108F65D86057967A6EF45BA8B585231DE7D47BE8DF3DE005C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$AdaptersAddressesmemcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1739390247-0
                                                                                                                                                                                                                              • Opcode ID: 5a357d56e44c440f95f05ae211ef9eb39ddadd285db360ad28326048775d2a05
                                                                                                                                                                                                                              • Instruction ID: f5c2263d96cd484322c2852c4b2d88c1d10a8a37f1d44807113463e85d9b1636
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a357d56e44c440f95f05ae211ef9eb39ddadd285db360ad28326048775d2a05
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC31E6623056814AEB49DBB6A804B9D67A3EB4AB94F5CC275EE1C47718FF38C591C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlCaptureContext.KERNEL32 ref: 61B7FE04
                                                                                                                                                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 61B7FE1B
                                                                                                                                                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 61B7FE5D
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 61B7FEA1
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 61B7FEAE
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 61B7FEB4
                                                                                                                                                                                                                              • TerminateProcess.KERNEL32 ref: 61B7FEC2
                                                                                                                                                                                                                              • abort.MSVCRT ref: 61B7FEC8
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4278921479-0
                                                                                                                                                                                                                              • Opcode ID: a0a812ffc76c9175bf352137410d7f52faf54efa5365abaca7c707a9a5e8fc50
                                                                                                                                                                                                                              • Instruction ID: 6559642d258820485bc350270ac13c06c96038d85fe802946e16ba42c05e7b2f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0a812ffc76c9175bf352137410d7f52faf54efa5365abaca7c707a9a5e8fc50
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF210372215B4494EB008B65F8803C937A6FB09B94F48652AEA5E43724EF3AC166C340
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 6bac52f9d6bd08e9f78a1a2e4fd1a8166085d0b1585d08dcaa7917e0c2c0d101
                                                                                                                                                                                                                              • Instruction ID: 856ac09b6776c8671bd432774e63915643aab8ab578b0681c9d7354ef178eed8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6bac52f9d6bd08e9f78a1a2e4fd1a8166085d0b1585d08dcaa7917e0c2c0d101
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36A105B3205ADAABCB06CF69D00459FBF70F705B0EF99C005EB5A8A121D732D95AC741
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 61B7FD55
                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 61B7FD60
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 61B7FD69
                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 61B7FD71
                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 61B7FD7E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1445889803-0
                                                                                                                                                                                                                              • Opcode ID: be7bc4d023320b9d0495d12a03f2c93d45cca27c8ce315fa263f55531906680e
                                                                                                                                                                                                                              • Instruction ID: 2ccc1f1a594f15991460a7afeb07acf74dc8918abfe9451458ffcebc21121056
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be7bc4d023320b9d0495d12a03f2c93d45cca27c8ce315fa263f55531906680e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00118C36625B9086FB608B25F804395A265FB48BB4F086734EEAC037B4EB3DC496C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243837798.00007FFDFB26C000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243861624.00007FFDFB272000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB274000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB290000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB294000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastbind
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                                                              • API String ID: 2328862993-3200932406
                                                                                                                                                                                                                              • Opcode ID: f933256663fa9be9d4592beb2c2da40180bdaf449910e1692b9e8b997b1e31ed
                                                                                                                                                                                                                              • Instruction ID: 230912d87e78b86f21f0937210732f97283f365fb97660d96bf2248ae9381bb0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f933256663fa9be9d4592beb2c2da40180bdaf449910e1692b9e8b997b1e31ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2218E22F1910286E714DB26E814AAD6360EB84B98F504235EA7C47BEDDF3CE9458B00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoadfree
                                                                                                                                                                                                                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk 
libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                              • API String ID: 4213687213-1453502826
                                                                                                                                                                                                                              • Opcode ID: 48ee1d969c594a826a3bdca5ec694cebb7b052d3cdf2d4d3b9dda36e313d581c
                                                                                                                                                                                                                              • Instruction ID: 44f1fb58b110722755e4386233c7126286d48d72ec8b9c7c53193fa4a2fa6d3f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48ee1d969c594a826a3bdca5ec694cebb7b052d3cdf2d4d3b9dda36e313d581c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4302B560A0DB4B91FE15FB15EC511B7A3A6AF64780FEC5432C80D062A5EF6DE7899330
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B12F7E
                                                                                                                                                                                                                                • Part of subcall function 61B12B90: strlen.MSVCRT ref: 61B12BB3
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B12FB7
                                                                                                                                                                                                                                • Part of subcall function 61B12DB0: strlen.MSVCRT ref: 61B12DCA
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61B12FE9
                                                                                                                                                                                                                                • Part of subcall function 61B12230: GetProcessHeap.KERNEL32 ref: 61B12253
                                                                                                                                                                                                                                • Part of subcall function 61B12230: HeapAlloc.KERNEL32 ref: 61B12267
                                                                                                                                                                                                                                • Part of subcall function 61B12230: GetAdaptersAddresses.IPHLPAPI ref: 61B1228C
                                                                                                                                                                                                                                • Part of subcall function 61B12230: GetProcessHeap.KERNEL32 ref: 61B122FF
                                                                                                                                                                                                                                • Part of subcall function 61B12230: HeapFree.KERNEL32 ref: 61B12309
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B13018
                                                                                                                                                                                                                                • Part of subcall function 61B12040: GetProcessHeap.KERNEL32 ref: 61B12061
                                                                                                                                                                                                                                • Part of subcall function 61B12040: HeapAlloc.KERNEL32 ref: 61B12076
                                                                                                                                                                                                                                • Part of subcall function 61B12040: memcpy.MSVCRT ref: 61B120EC
                                                                                                                                                                                                                                • Part of subcall function 61B12040: GetProcessHeap.KERNEL32 ref: 61B1210A
                                                                                                                                                                                                                                • Part of subcall function 61B12040: HeapFree.KERNEL32 ref: 61B12115
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61B1304B
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: GetProcessHeap.KERNEL32 ref: 61B123E3
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: HeapAlloc.KERNEL32 ref: 61B123F7
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: GetAdaptersAddresses.IPHLPAPI ref: 61B1241F
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: inet_ntoa.WS2_32 ref: 61B12457
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: GetProcessHeap.KERNEL32 ref: 61B12472
                                                                                                                                                                                                                                • Part of subcall function 61B123C0: HeapFree.KERNEL32 ref: 61B1247C
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B1307A
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61B1308E
                                                                                                                                                                                                                                • Part of subcall function 61B127C0: GetProcessHeap.KERNEL32 ref: 61B127DB
                                                                                                                                                                                                                                • Part of subcall function 61B127C0: HeapAlloc.KERNEL32 ref: 61B127EF
                                                                                                                                                                                                                                • Part of subcall function 61B127C0: GetNetworkParams.IPHLPAPI ref: 61B12827
                                                                                                                                                                                                                                • Part of subcall function 61B127C0: GetProcessHeap.KERNEL32 ref: 61B12849
                                                                                                                                                                                                                                • Part of subcall function 61B127C0: HeapFree.KERNEL32 ref: 61B12853
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B130BD
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B130DE
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61B1310B
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B13143
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B1316B
                                                                                                                                                                                                                              • strchr.MSVCRT ref: 61B13178
                                                                                                                                                                                                                              • fprintf.MSVCRT ref: 61B13199
                                                                                                                                                                                                                              • fputc.MSVCRT ref: 61B131B2
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B131D3
                                                                                                                                                                                                                              • malloc.MSVCRT ref: 61B131DD
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B13577
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B13598
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B135B9
                                                                                                                                                                                                                              • fwrite.MSVCRT ref: 61B135DA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • "%s", xrefs: 61B1314D, 61B1318C
                                                                                                                                                                                                                              • Failed to get ip address., xrefs: 61B135A4
                                                                                                                                                                                                                              • Domain name: "%s", xrefs: 61B130B0
                                                                                                                                                                                                                              • Failed to get mac address., xrefs: 61B13583
                                                                                                                                                                                                                              • Hardware informations got by PyArmor:, xrefs: 61B12F66
                                                                                                                                                                                                                              • Failed to get harddisk information., xrefs: 61B13562
                                                                                                                                                                                                                              • >", xrefs: 61B13537
                                                                                                                                                                                                                              • Failed to get domain name., xrefs: 61B135C5
                                                                                                                                                                                                                              • Ip address: "%s", xrefs: 61B1306D
                                                                                                                                                                                                                              • Serial number of default harddisk: "%s", xrefs: 61B12FAA
                                                                                                                                                                                                                              • Serial number with disk name: , xrefs: 61B1312E
                                                                                                                                                                                                                              • Multiple Mac addresses: "<, xrefs: 61B131BE
                                                                                                                                                                                                                              • Default Mac address: "%s", xrefs: 61B1300B
                                                                                                                                                                                                                              • %02x, xrefs: 61B134ED
                                                                                                                                                                                                                              • %02x:, xrefs: 61B1348E
                                                                                                                                                                                                                              • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 61B130C9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.3239603617.0000000061B00000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239745517.0000000061B82000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239780089.0000000061B86000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239809116.0000000061B87000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239863189.0000000061B9F000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239903012.0000000061BA2000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239936454.0000000061BA4000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239958317.0000000061BA8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Processfwrite$fprintf$AllocFreefputc$AdaptersAddressesstrchrstrlen$NetworkParamsinet_ntoamallocmemcpy
                                                                                                                                                                                                                              • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                                                              • API String ID: 3427000353-3771683696
                                                                                                                                                                                                                              • Opcode ID: 58a85c287c46fdc1c4ce634d73f9fee8ab0d9f4f3167c90d95cf73ceda352d0f
                                                                                                                                                                                                                              • Instruction ID: af23b2556e792cae7c398684224967c03f6f7ff392393f322e65f069bbc383d5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58a85c287c46fdc1c4ce634d73f9fee8ab0d9f4f3167c90d95cf73ceda352d0f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1902E03620ABC08ADB98CB66E44539E77A5E789BE4F098215DF9D477A8EF3DC040C701
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$ioctlsockettoupper$Cleanupstrstr$closesocketgethostbynamememcmp$Startup_mktime64connecthtonsrecvselectsendsocketstrchr
                                                                                                                                                                                                                              • String ID: Dec$HEAD /%s HTTP/1.1Host: %sUser-Agent: PYARMOR.COREConnection: close$Nov$and,$http://$or,
                                                                                                                                                                                                                              • API String ID: 3493847099-1714119496
                                                                                                                                                                                                                              • Opcode ID: 58929c5e912ec175104270233314b9c45d47c5be0cb292502db19bfa4ac1916f
                                                                                                                                                                                                                              • Instruction ID: c8b5c0d5f4b6b620eeeac5907bd5d20e4236760b2b281fc72187b9c050c136d6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58929c5e912ec175104270233314b9c45d47c5be0cb292502db19bfa4ac1916f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96E1063220CBC185EB18CB64E45179E7BB1F785BA8F49C225CA6547BACFB3DC1468700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON39 ref: 61B033ED
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON39 ref: 61B03400
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON39 ref: 61B0340E
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON39 ref: 61B03427
                                                                                                                                                                                                                              • PyObject_GetAttrString.PYTHON39 ref: 61B0344D
                                                                                                                                                                                                                              • PyList_GetItem.PYTHON39 ref: 61B03461
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON39 ref: 61B034A6
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B034D7
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B034E9
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B034F5
                                                                                                                                                                                                                              • PyErr_Clear.PYTHON39 ref: 61B03580
                                                                                                                                                                                                                              • getenv.MSVCRT ref: 61B0358D
                                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON39(?,?,?,?,?,?), ref: 61B035AA
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON39(?,?,?,?,?,?), ref: 61B035D7
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B03605
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B03617
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03623
                                                                                                                                                                                                                              • PyList_GetItem.PYTHON39 ref: 61B03685
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03824
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Object_$CallSize$ItemMethod_$DeallocString$DictDict_Function_List_$AttrClearErr_FormatFromImport_ModuleModule_Unicode_getenv
                                                                                                                                                                                                                              • String ID: %U/%s$%U/../%s$%s/%s$PYARMOR_RKEY$__path__$_path$close$read
                                                                                                                                                                                                                              • API String ID: 2543034039-1237617226
                                                                                                                                                                                                                              • Opcode ID: 8628cc8beb8664022a1f3a6a234c0ad539071c32fc8f7c046ef72909b6a6883b
                                                                                                                                                                                                                              • Instruction ID: 134abfb468875e03d4a26d10b475e8d54724aebfe4980c5368b4eb03088729be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8628cc8beb8664022a1f3a6a234c0ad539071c32fc8f7c046ef72909b6a6883b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E617D7131269099FA49DB67EC98BD52BA2FB4AF86F4CE4268D0907770EF7AC055C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • cannot import name %R from %R (unknown location), xrefs: 61B083C5
                                                                                                                                                                                                                              • %U.%U, xrefs: 61B08452
                                                                                                                                                                                                                              • <unknown module name>, xrefs: 61B08378
                                                                                                                                                                                                                              • cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S), xrefs: 61B08525
                                                                                                                                                                                                                              • cannot import name %R from %R (%S), xrefs: 61B0850A
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AttrErr_Object_Tuple_$ClearDeallocErrorFilenameFromImportLookupModule_ObjectSizeStringUnicode_
                                                                                                                                                                                                                              • String ID: %U.%U$<unknown module name>$cannot import name %R from %R (%S)$cannot import name %R from %R (unknown location)$cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S)
                                                                                                                                                                                                                              • API String ID: 597108667-3215622635
                                                                                                                                                                                                                              • Opcode ID: a89d7897071a011efe9a4f0ba0129564df2ea83871036f09e3973d9f43140081
                                                                                                                                                                                                                              • Instruction ID: cf12a92e3452a3a6efa6308effd872cfddec3d3820de7f0c731e164a05233b6f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a89d7897071a011efe9a4f0ba0129564df2ea83871036f09e3973d9f43140081
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E719E32B05B8495EA09CFA6E85439A7BA5FB86FD6F0C9024DE4A07734EF39C254D300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_MemoryPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 3535940709-4209268247
                                                                                                                                                                                                                              • Opcode ID: a023a58e50b9cdfc8f5c553eb389cbe8784738619cfb37b626762e79cdfb616a
                                                                                                                                                                                                                              • Instruction ID: d035524f198b0b6323b71ce28317f20ca386cde25627dea3ecb2259fb755e440
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a023a58e50b9cdfc8f5c553eb389cbe8784738619cfb37b626762e79cdfb616a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6126D72609BC486DA48CB9AF48078EBFA0F785BD0F548116EB9D07BA8DB7DD141CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • missing required positional arguments, xrefs: 61B11821
                                                                                                                                                                                                                              • too many positional arguments, xrefs: 61B11B14
                                                                                                                                                                                                                              • Can't remove argname from kwargs, xrefs: 61B11906
                                                                                                                                                                                                                              • missing kwonly required arguments, xrefs: 61B11AAA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Err_ItemString$DeallocTuple_
                                                                                                                                                                                                                              • String ID: Can't remove argname from kwargs$missing kwonly required arguments$missing required positional arguments$too many positional arguments
                                                                                                                                                                                                                              • API String ID: 2174600326-1903473336
                                                                                                                                                                                                                              • Opcode ID: 286851ca3e6a76df06fabff22c39c923052360e3d65998a49603e5e5777a720b
                                                                                                                                                                                                                              • Instruction ID: 8893dc65c26f97be8946a19aeaf135cbe980d6e881bcd858d48baa47d92bfd48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 286851ca3e6a76df06fabff22c39c923052360e3d65998a49603e5e5777a720b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96B17C72209BC481EB298F66E44139A7775FB95BA4F5EC211CEAD43B68DF39C095C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • not enough values to unpack (expected %d, got %d), xrefs: 61B1050D
                                                                                                                                                                                                                              • cannot unpack non-iterable %.200s object, xrefs: 61B104E1
                                                                                                                                                                                                                              • too many values to unpack (expected %d), xrefs: 61B10444
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocFormatIter_Next$CheckExceptionIterMatchesObject_OccurredSequence_
                                                                                                                                                                                                                              • String ID: cannot unpack non-iterable %.200s object$not enough values to unpack (expected %d, got %d)$too many values to unpack (expected %d)
                                                                                                                                                                                                                              • API String ID: 2492064420-2953850414
                                                                                                                                                                                                                              • Opcode ID: 718ebe43351047f4ee6697edd9d0154f9ea616fa6e39fd0a08e5944b1bb7ad90
                                                                                                                                                                                                                              • Instruction ID: 15048345f5388743361cfa7945ce73aafdbe423b1b38f60381b6e76d208db7c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 718ebe43351047f4ee6697edd9d0154f9ea616fa6e39fd0a08e5944b1bb7ad90
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C617332749A84D6EA099F6AE88535A3775FB4DF94F0A9512CE1D87728EF39C0B5C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAFED000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strspn$strncmp$strcspn
                                                                                                                                                                                                                              • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                                                                                                                              • API String ID: 232339659-387852012
                                                                                                                                                                                                                              • Opcode ID: d3478d28586b3b591f2bcac79bc20f546f927b3c00999ee3a6f118fb3e088557
                                                                                                                                                                                                                              • Instruction ID: 9e00b3eca9e5a0bea06e863ee2eb5842669175d95feca1efe97bfd33be753dff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3478d28586b3b591f2bcac79bc20f546f927b3c00999ee3a6f118fb3e088557
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60E18F66F0A6438AF724DB61D860AB92761BF44BC8F444131DAAD57AEDDF3CE509C340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09C66
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON39 ref: 61B0A331
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON39 ref: 61B0A37C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (set size out of range), xrefs: 61B0ABD8
                                                                                                                                                                                                                              • NULL object in marshal data for set, xrefs: 61B0B016
                                                                                                                                                                                                                              • bad marshal data (index list too large), xrefs: 61B0B229
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CheckErr_FunctionOccurredResultState_Thread
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for set$bad marshal data (index list too large)$bad marshal data (set size out of range)
                                                                                                                                                                                                                              • API String ID: 3239669425-600355161
                                                                                                                                                                                                                              • Opcode ID: 912c98f49614fd6ca0cd3e918ecd33fc9839db7f9a536839490079a145ab2a5e
                                                                                                                                                                                                                              • Instruction ID: ae4c738bbfacd339cfef2d708aa1434bb408fad652975a4cfc189282a3dd0635
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 912c98f49614fd6ca0cd3e918ecd33fc9839db7f9a536839490079a145ab2a5e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C715032205BC0C5EA589FAAE44475A3B76FB85BD2F04DA15CD6E177A4DF39C149C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite$Err_String
                                                                                                                                                                                                                              • String ID: too many objects
                                                                                                                                                                                                                              • API String ID: 4210527972-4209268247
                                                                                                                                                                                                                              • Opcode ID: cb3ee314a1d694b2752704733d0a291bc67a21529ac4d4e6903c36ec7d2abc66
                                                                                                                                                                                                                              • Instruction ID: 6c3eca94a7161b3abf9b2a5ed03fe39f02fdb2fce8fd9fbc74b86461a0badbcf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb3ee314a1d694b2752704733d0a291bc67a21529ac4d4e6903c36ec7d2abc66
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C128BB2601B8486EB18CFA9E04079D7BB5F749FE8F548216CE2C57798DB79C592C380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyFloat_Unpack8.PYTHON39 ref: 61B08841
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON39 ref: 61B08896
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON39 ref: 61B088A4
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B088C4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON39 ref: 61B088E3
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON39 ref: 61B08A11
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61B08A07
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B089E5
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B08972
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFloat_FromInfoMemoryMethodNumber_Object_SizeSsize_tStringUnpack8View_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3670709071-4172231876
                                                                                                                                                                                                                              • Opcode ID: 6727fdceb72ec6d757c849311ce4991e694453200b80467430a83ce11c314869
                                                                                                                                                                                                                              • Instruction ID: 649fbe4003086baa8a6046cd88e2968bdf3465bb8c305e5f335c1044efe26e97
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6727fdceb72ec6d757c849311ce4991e694453200b80467430a83ce11c314869
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F051B531701A8485EF499FAAE8407882B71FB45FAAF08A315CD6D577A4EF39C295D301
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$fclose$freadfreemallocstrcpystrtok
                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                              • API String ID: 790192563-666925554
                                                                                                                                                                                                                              • Opcode ID: f2126a444f9a43a18ea98579e006ac142cbe12e69a89e8e1c712403cac79aff5
                                                                                                                                                                                                                              • Instruction ID: 99cc6697f95f0ee5cc0ec9eeb7df71127576f878b47f56586e1de6a91c00d9a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2126a444f9a43a18ea98579e006ac142cbe12e69a89e8e1c712403cac79aff5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42418C60B0960645FA54BB229D506BBD253AF017D8FEC4135DE2D0BBD6EF2EB7848360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON39 ref: 61B08AC6
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON39 ref: 61B08AD4
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B08AF4
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON39 ref: 61B08B13
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON39 ref: 61B08C41
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61B08C37
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B08C15
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B08BA2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BufferBuffer_CallErr_FillFromInfoMemoryMethodNumber_Object_SizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _wputenv_s.MSVCRT ref: 00007FF7564273E1
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF7564273EC
                                                                                                                                                                                                                              • GetTempPathW.KERNEL32 ref: 00007FF756427410
                                                                                                                                                                                                                              • _getpid.MSVCRT(?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427416
                                                                                                                                                                                                                              • _wtempnam.MSVCRT ref: 00007FF75642743F
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF756427454
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF75642747E
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427100: GetEnvironmentVariableW.KERNEL32 ref: 00007FF75642712C
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75642726B
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: free.MSVCRT ref: 00007FF756427276
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: _wfullpath.MSVCRT ref: 00007FF75642729E
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF7564272CD
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcsncpy.MSVCRT ref: 00007FF7564272FB
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427305
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427310
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427230: CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427322
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$CreateDirectoryEnvironmentwcschr$ExpandPathStringsTempVariable_getpid_wfullpath_wputenv_s_wtempnamwcsncpy
                                                                                                                                                                                                                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyBuffer_FillInfo.PYTHON39 ref: 61B08E22
                                                                                                                                                                                                                              • PyMemoryView_FromBuffer.PYTHON39 ref: 61B08E30
                                                                                                                                                                                                                              • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B08E50
                                                                                                                                                                                                                              • PyNumber_AsSsize_t.PYTHON39 ref: 61B08E72
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B08E8B
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B08EBA
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON39 ref: 61B08F63
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61B08F57
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B08EB0
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B08F37
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$BufferBuffer_CallFillFormatFromInfoMemoryMethodNumber_Object_OccurredSizeSsize_tStringView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fileno_get_osfhandlesignal$Process$ByteCharCodeCommandCreateExitInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                              • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                              • API String ID: 979768843-3524285272
                                                                                                                                                                                                                              • Opcode ID: 283ebe96b6f9e732354aaa17e5d0142c826c4d20509961a5428b2b9139989279
                                                                                                                                                                                                                              • Instruction ID: af140b051601bfb08c823c77f684e4f2803b3c299ff658a7f21c8307951a1e98
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 283ebe96b6f9e732354aaa17e5d0142c826c4d20509961a5428b2b9139989279
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30418D32A086868AF760AB60F8143EBE261EB90784F944135DA8D47BC9DF7DD1848B50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_CallFunction_SizeT.PYTHON39 ref: 61B032E8
                                                                                                                                                                                                                              • PyErr_Clear.PYTHON39 ref: 61B03304
                                                                                                                                                                                                                              • PyErr_Format.PYTHON39 ref: 61B03364
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39(?,?,?,?,?,?), ref: 61B033A3
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39(?,?,?,?,?,?), ref: 61B033B5
                                                                                                                                                                                                                              • PySys_GetObject.PYTHON39 ref: 61B03517
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03573
                                                                                                                                                                                                                              • getenv.MSVCRT ref: 61B03647
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallObject_Size$Err_Method_$ClearDeallocFormatFunction_ObjectSys_getenv
                                                                                                                                                                                                                              • String ID: %U.%s$%U/%s$%s (%d:%d)$%s/%s$PYARMOR_RKEY$close$executable$read
                                                                                                                                                                                                                              • API String ID: 2643494441-891831584
                                                                                                                                                                                                                              • Opcode ID: e999b92a40ce5aecb7c7e000be3a37f0d0707fcaeb94ee4c292365f40c1fbc65
                                                                                                                                                                                                                              • Instruction ID: 379831611b0708e831a11556da933737db2ea43be7e64ec8abeac1b957f2de81
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e999b92a40ce5aecb7c7e000be3a37f0d0707fcaeb94ee4c292365f40c1fbc65
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3231F231311A9494EA49DB67EC887D92B62EB85FC5F8CD422CD0D07B74EF6AC152C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckErr_Object_Signals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 356930793-0
                                                                                                                                                                                                                              • Opcode ID: 3071d8bd704aa22ddb2aef66af2d2c831075926a6de53343a59525fdbadfa839
                                                                                                                                                                                                                              • Instruction ID: e2f6b8a7637ed2829b597502375303818dbecdd7987946a75b023ddf19e1ac3a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3071d8bd704aa22ddb2aef66af2d2c831075926a6de53343a59525fdbadfa839
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1851983224EA84D5EA0E9FA6994936D7771FB46F90F0EC525DE0986B28DF39C0B5C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61B12387
                                                                                                                                                                                                                              • Too small size, xrefs: 61B12380
                                                                                                                                                                                                                              • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 61B122C9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree
                                                                                                                                                                                                                              • String ID: %02x:%02x:%02x:%02x:%02x:%02x$../src/platforms/windows/hdinfo.c$Too small size
                                                                                                                                                                                                                              • API String ID: 1283795797-3992030336
                                                                                                                                                                                                                              • Opcode ID: 720938924406275af25c5b425af49263c2a4c01f295620e88daa00a744eb9f94
                                                                                                                                                                                                                              • Instruction ID: b7ebc4e6ac024bec21a987f98e095bd9c526e7689143b498965735eb04941247
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 720938924406275af25c5b425af49263c2a4c01f295620e88daa00a744eb9f94
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE310D213092D14AD718DBBBBC0179E7B92EB8AB94F198276AD588379CDB3CC1419710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen_snwprintfcallocfree
                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                              • API String ID: 1339360106-2855260032
                                                                                                                                                                                                                              • Opcode ID: 57435018102f62b0195d8008580f349119aadad288017808c1fb9636fc3b24c3
                                                                                                                                                                                                                              • Instruction ID: dfa5ac7855e31a02cf33030ebe5de684059d1df0b75b48d8e1971619ece95fae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57435018102f62b0195d8008580f349119aadad288017808c1fb9636fc3b24c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E131B43170864246E7506B51BD0076BA361EB95BE0FA84331EE6D47BD9DF3DE609C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp$Err_Format_errno$freememcpystrlen
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$*DOMAIN:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*MID:$5(
                                                                                                                                                                                                                              • API String ID: 3958490578-1731549688
                                                                                                                                                                                                                              • Opcode ID: 7f386ca90869f4e7a942387e88c80bd49a34fdcf9a6c9116e47703f723d03f89
                                                                                                                                                                                                                              • Instruction ID: e3631fbdfdbdb0de03b4b868a8bf6b0729ed91719e81a57cd313f7749a8fc981
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f386ca90869f4e7a942387e88c80bd49a34fdcf9a6c9116e47703f723d03f89
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF21262571169154FF98A727E84479A2EA9F789FCEF88D015CD284B7D0DF2EC14AC710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcstombs$setlocale$freembstowcsrealloc$_strdup
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1093732947-0
                                                                                                                                                                                                                              • Opcode ID: b4cf11bddb17e765b4c93872f0ddc47ed030d39934b3577d59b7f46327944ceb
                                                                                                                                                                                                                              • Instruction ID: 1db79d0b17a2b49cde863077cbd0d6afdbdb20133efaa0587f3893a6b815e255
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4cf11bddb17e765b4c93872f0ddc47ed030d39934b3577d59b7f46327944ceb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FA14E66B15B1988EB40ABA6DC402BE63B1FB08BC8F984435DE5D17B99EF3DD541C320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                                                                              • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                                                              • API String ID: 2603057392-2963566556
                                                                                                                                                                                                                              • Opcode ID: 81fdbb8bc37f147549ac6fca6950533cfd3299da5a4ec30ef8831ca52d8221ed
                                                                                                                                                                                                                              • Instruction ID: c472688487b56c34cbc121cd6ea403ab3483c45b41d70ab3ed83d249e8087089
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81fdbb8bc37f147549ac6fca6950533cfd3299da5a4ec30ef8831ca52d8221ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2791C373B19B8785EB209F24D8609A93764FF45B98F404336EA6D47AE9EF38E155C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Invalid type for op_build, xrefs: 61B101AC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: List_$DeallocDict_$ExtendTuple_Update
                                                                                                                                                                                                                              • String ID: Invalid type for op_build
                                                                                                                                                                                                                              • API String ID: 3794787204-1006902009
                                                                                                                                                                                                                              • Opcode ID: 9af96475a880216f2e38ba46d95b418e161fafc290bf98de26d35a2edfaf4c8a
                                                                                                                                                                                                                              • Instruction ID: 1e07b7f68115b9a8186609c6869ee67f7d90c23d9391f885eb8f159412f20b84
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9af96475a880216f2e38ba46d95b418e161fafc290bf98de26d35a2edfaf4c8a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90510E7270A69982FE0D9BA699413593762EB4AFC5F49C01EDD1987718EF3DC061C384
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Too many format strings, xrefs: 61B1143D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.3239603617.0000000061B00000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239745517.0000000061B82000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239780089.0000000061B86000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239809116.0000000061B87000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239863189.0000000061B9F000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239903012.0000000061BA2000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239936454.0000000061BA4000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239958317.0000000061BA8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$Err_FormatObject_StringUnicode_
                                                                                                                                                                                                                              • String ID: Too many format strings
                                                                                                                                                                                                                              • API String ID: 3094464462-2091874682
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Err_Eval_FormatFrameFunction_ItemModule_SelfStringUnicode_
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$__dict__$__pyarmor__$protection exception (%d)
                                                                                                                                                                                                                              • API String ID: 3372622024-629680938
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$ItemMethod_Tuple_$BuildFunction_NameQualSubtypeType_ValueWith
                                                                                                                                                                                                                              • String ID: (O)
                                                                                                                                                                                                                              • API String ID: 593819998-4232840684
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • strncmp.MSVCRT ref: 00007FF7564251AF
                                                                                                                                                                                                                              • mbstowcs.MSVCRT(00000000,C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone,C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522,?,?,?,_MEIPASS2,00007FF756425804), ref: 00007FF7564251DF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • _MEIPASS2, xrefs: 00007FF7564250F0
                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522, xrefs: 00007FF7564250FC
                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone, xrefs: 00007FF7564250FD
                                                                                                                                                                                                                              • Failed to convert Wflag %s using mbstowcs (invalid multibyte string), xrefs: 00007FF7564252F9
                                                                                                                                                                                                                              • pyi-, xrefs: 00007FF75642517C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000001.00000002.3243111017.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243165970.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243188530.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243210648.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756445000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF75644B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243296854.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243317539.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: mbstowcsstrncmp
                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone$C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522$Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$_MEIPASS2$pyi-
                                                                                                                                                                                                                              • API String ID: 1807066385-490367744
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B086DF
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B08747
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_Memory$BufferBuffer_CallDeallocFillFormatFromInfoMallocMethodNumber_Object_OccurredReallocSizeSsize_tView_
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 3190434935-3742967138
                                                                                                                                                                                                                              • Opcode ID: 2631c71e5a0bbec1863ae1a48afd76cb64c832fe7948ae38a71c17544f67a5b7
                                                                                                                                                                                                                              • Instruction ID: a3e778e138c663b1c0ae787de760f8ba1f53ad57907f2974e6f831d181b8e9a9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2631c71e5a0bbec1863ae1a48afd76cb64c832fe7948ae38a71c17544f67a5b7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8541867170294085FB459BA6E9403982761FB44FE9F489225CD2D577A4EF3DC2EAD300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                                                              • API String ID: 306872129-190324370
                                                                                                                                                                                                                              • Opcode ID: d6b39c76fbaef9b2f39a50b4b66092aeb5b5ae4cb8f447c92f317bde01b91a56
                                                                                                                                                                                                                              • Instruction ID: ad9556335216eb2cc281364d626dd36b3033db8ed21983b6b7f49c59e1fa21d5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6b39c76fbaef9b2f39a50b4b66092aeb5b5ae4cb8f447c92f317bde01b91a56
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96C1AC32608AD086EB55CF96E8447DE6765F7C8BD9F4A8422EE8D97B48EF78C444C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp$strncmp
                                                                                                                                                                                                                              • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                                                                                                                              • API String ID: 1244041713-3630080479
                                                                                                                                                                                                                              • Opcode ID: 76ade8ba22535bb08183434f62bc8da8f68e94d2c41caec39ecac450251eba96
                                                                                                                                                                                                                              • Instruction ID: 4c9bfa29cca0c4cebc57095e2a520ab5af61b46b0c7da6c255f5ea5c69978578
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76ade8ba22535bb08183434f62bc8da8f68e94d2c41caec39ecac450251eba96
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44C19C21F1E64345EB28DB159470EB96391AF46BC4F884132EAAD0B6EEEF3CE105D700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$memcmp$malloc
                                                                                                                                                                                                                              • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                                                              • API String ID: 2896619906-237625700
                                                                                                                                                                                                                              • Opcode ID: b839c04ec52b335016cd67981c70c8b8e1d207d1c5227ab2cc10ced808fc3544
                                                                                                                                                                                                                              • Instruction ID: 280f2279c0f3a887443588269f8ff656f7f6a414a056cb861bb59ec462d1dffc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b839c04ec52b335016cd67981c70c8b8e1d207d1c5227ab2cc10ced808fc3544
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CB19B722096C58AEB68CF52E44479FBBA0F389BD8F098519DE8847B58DB7DC449CF40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756423280: strcpy.MSVCRT(?,?,_MEIPASS2,?,00007FF75642376C), ref: 00007FF7564232C3
                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 00007FF75642347C
                                                                                                                                                                                                                              • strcmp.MSVCRT ref: 00007FF75642349F
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fread.MSVCRT ref: 00007FF7564279D1
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: ferror.MSVCRT ref: 00007FF7564279E1
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: clearerr.MSVCRT(?,00000000,?,00007FF7564233A7,?,00000000,?,00000000,?,?,_MEIPASS2,?,00007FF75642376C), ref: 00007FF7564279ED
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fclose.MSVCRT ref: 00007FF756427A29
                                                                                                                                                                                                                                • Part of subcall function 00007FF756427960: fclose.MSVCRT ref: 00007FF756427A31
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclosestrcmp$clearerrferrorfreadstrcpy
                                                                                                                                                                                                                              • String ID: %s%s%s$%s%s%s%s%s$%s%s%s%s%s%s%s$%s%s%s.exe$%s%s%s.pkg$Archive not found: %s$Archive path exceeds PATH_MAX$Error copying %s$Error extracting %s$Error opening archive %s$_MEIPASS2$malloc
                                                                                                                                                                                                                              • API String ID: 2929065527-1083822304
                                                                                                                                                                                                                              • Opcode ID: 6a3b22465de237773ced7f5a741d205b1c8a40f18a30f3be367a1266488d6e22
                                                                                                                                                                                                                              • Instruction ID: 9bdd2742824f6214dec77aa29170160cafe2a4196ca225420c8927150b3f304f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a3b22465de237773ced7f5a741d205b1c8a40f18a30f3be367a1266488d6e22
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B815021A08A4691EA21BB21EC401FBE366AF40BD4FE84132ED4D47795DE3DE786C360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID: $@$@
                                                                                                                                                                                                                              • API String ID: 896588047-3743272326
                                                                                                                                                                                                                              • Opcode ID: 68d6ae6196f482da661525bba98d7078453b15a95900c92f370ed5e6c723d2ef
                                                                                                                                                                                                                              • Instruction ID: d205cf1f4623f37fe6c549f3db155d4cade057ad6725d9f71ca58c6df0070e36
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68d6ae6196f482da661525bba98d7078453b15a95900c92f370ed5e6c723d2ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23410673A156D445E7359B96AC007896661FB89BB4F499329DE7A173E0EB3CC880C304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Restore$DeallocExceptionException_FetchNormalize$Back_ContextEval_FrameHereOccurredTraceTraceback
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4214459649-0
                                                                                                                                                                                                                              • Opcode ID: 6b2da5060af3667575d9a22256ab07e1d83e387b33fb1fe5af9b4969f7cc937c
                                                                                                                                                                                                                              • Instruction ID: 85887f6e432361c59356ac30088a3020fca3ba1790c206b8abc052a7f4ab900a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b2da5060af3667575d9a22256ab07e1d83e387b33fb1fe5af9b4969f7cc937c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7410976209BC4A4DA248BA6F84439BB772FB8ABD0F489016DE8D43B2CDF39C545C701
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF75642726B
                                                                                                                                                                                                                              • free.MSVCRT ref: 00007FF756427276
                                                                                                                                                                                                                              • _wfullpath.MSVCRT ref: 00007FF75642729E
                                                                                                                                                                                                                              • wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF7564272CD
                                                                                                                                                                                                                              • wcsncpy.MSVCRT ref: 00007FF7564272FB
                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427305
                                                                                                                                                                                                                              • wcschr.MSVCRT(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427310
                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,?,?,00000000,00007FF7564273CB,?,?,?,00000000,?,00000012,00000000,00000000,00007FF75642758B), ref: 00007FF756427322
                                                                                                                                                                                                                              • _wcsdup.MSVCRT ref: 00007FF75642733B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF756427370
                                                                                                                                                                                                                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF756427380
                                                                                                                                                                                                                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF756427350
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateDirectorywcschr$ByteCharEnvironmentExpandMultiStringsWide_wcsdup_wfullpathfreewcsncpy
                                                                                                                                                                                                                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                              • API String ID: 2066369749-3498232454
                                                                                                                                                                                                                              • Opcode ID: 9e13386d219b448b5f94a8e42e947f4be23f8ecdc3d79d60eea337cbc3ae3e9b
                                                                                                                                                                                                                              • Instruction ID: 88439b70e96b13e9b7ab2288a127839aa165c811a0e4d6b400e7f0697a4875dc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e13386d219b448b5f94a8e42e947f4be23f8ecdc3d79d60eea337cbc3ae3e9b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3031CF51B0864649FA65B762AD153BBD282AF48BC0FDC4430DE0E5B7C6ED3EE6418270
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$AdaptersAddressesAllocFree$inet_ntoa
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4108032510-0
                                                                                                                                                                                                                              • Opcode ID: acadbd4b88bd0c330e62648d8a19d0c9a76a998cf9ce84bb142b1c1cd6c67ce2
                                                                                                                                                                                                                              • Instruction ID: 955a14fb6f00161d8712e017a7aaab98f57f0816615144df6b773f3f4a5e1a5d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: acadbd4b88bd0c330e62648d8a19d0c9a76a998cf9ce84bb142b1c1cd6c67ce2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2213A2135968546FB08D7BBBC0175A6661EFCABD8F1ED275AE2C873A8DF38C4418710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61B0EED0: PyList_New.PYTHON39 ref: 61B0EF0A
                                                                                                                                                                                                                                • Part of subcall function 61B0EED0: PyMem_Free.PYTHON39 ref: 61B0EF43
                                                                                                                                                                                                                              • _PyDict_GetItemIdWithError.PYTHON39 ref: 61B0F932
                                                                                                                                                                                                                              • PyThreadState_Get.PYTHON39 ref: 61B0F995
                                                                                                                                                                                                                              • _Py_CheckFunctionResult.PYTHON39 ref: 61B0F9DF
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B0FA13
                                                                                                                                                                                                                              • _PyObject_MakeTpCall.PYTHON39 ref: 61B0FA6A
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B0FA80
                                                                                                                                                                                                                              • _PyLong_AsInt.PYTHON39 ref: 61B0FAC3
                                                                                                                                                                                                                              • PyImport_ImportModuleLevelObject.PYTHON39 ref: 61B0FAEB
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B0FB1D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dealloc$CallCheckDict_ErrorFreeFunctionImportImport_ItemLevelList_Long_MakeMem_ModuleObjectObject_ResultState_ThreadWith
                                                                                                                                                                                                                              • String ID: __import__ not found
                                                                                                                                                                                                                              • API String ID: 1035092831-2199325508
                                                                                                                                                                                                                              • Opcode ID: 8adf6afb5c9a5929cc2806b77ed3ec15e1d93f7917ec65b8bf3bd5762ff7057b
                                                                                                                                                                                                                              • Instruction ID: 68d56b6e9c0e1616fc5a66149b1afa69d2e8ce69f1917b8d18d71d2dd6e9821c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8adf6afb5c9a5929cc2806b77ed3ec15e1d93f7917ec65b8bf3bd5762ff7057b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A518D32305B8486EB498F66E84039A6BB1FB49FE5F08912ADE4E07B24DF39D095C304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyEval_GetFrame.PYTHON39 ref: 61B054E2
                                                                                                                                                                                                                              • PyUnicode_FromFormat.PYTHON39 ref: 61B054FF
                                                                                                                                                                                                                              • Py_DecRef.PYTHON39 ref: 61B05513
                                                                                                                                                                                                                              • PyUnicode_AsUTF8.PYTHON39 ref: 61B05924
                                                                                                                                                                                                                              • PyImport_GetModuleDict.PYTHON39 ref: 61B05958
                                                                                                                                                                                                                              • PyDict_GetItem.PYTHON39 ref: 61B05966
                                                                                                                                                                                                                              • PyModule_GetDict.PYTHON39 ref: 61B05977
                                                                                                                                                                                                                              • PyDict_GetItemString.PYTHON39 ref: 61B0598A
                                                                                                                                                                                                                              • PyImport_ExecCodeModuleObject.PYTHON39 ref: 61B059AD
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B059B6
                                                                                                                                                                                                                                • Part of subcall function 61B0FDB0: VirtualAlloc.KERNEL32 ref: 61B0FE09
                                                                                                                                                                                                                                • Part of subcall function 61B0FDB0: memcpy.MSVCRT ref: 61B0FE2C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DictDict_Import_ItemModuleUnicode_$AllocCodeErr_Eval_ExecFormatFrameFromModule_ObjectOccurredStringVirtualmemcpy
                                                                                                                                                                                                                              • String ID: $__main__$__mp_main__$__spec__
                                                                                                                                                                                                                              • API String ID: 3240200909-374268185
                                                                                                                                                                                                                              • Opcode ID: 57be061030d5468f604bf7c4af7ace6e68c80a8a02586619d0848318ede9a8de
                                                                                                                                                                                                                              • Instruction ID: 87912f398d0277badcb490f5843aed2b37aee8c7d909fbde58645c080d9e3ab4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57be061030d5468f604bf7c4af7ace6e68c80a8a02586619d0848318ede9a8de
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9231A0723017C489EF55CF66E8403996BA1FB89BD9F489426CE9C47B68EF39C095C314
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$setlocale$_strdupcalloc
                                                                                                                                                                                                                              • String ID: Fatal error: unable to decode the command line argument #%i$out of memory
                                                                                                                                                                                                                              • API String ID: 3058678114-3355598041
                                                                                                                                                                                                                              • Opcode ID: b3466b8bcdbf8212ef856c22361cdd5686b4d4218940d99964e3d08bf125b2d7
                                                                                                                                                                                                                              • Instruction ID: 1a0b740bf270a335d902a9ed261f6ec8cf24caf78e918af0555323f20e673ccc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3466b8bcdbf8212ef856c22361cdd5686b4d4218940d99964e3d08bf125b2d7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E21BF11B0A54A45FA69B711DC513BBD253AF94BC4FDC8434DD4E17782EE3DAA818320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlenstrncpy$callocfreememcpy
                                                                                                                                                                                                                              • String ID: SPLASH: Cannot extract requirement %s.$SPLASH: Cannot find requirement %s in archive.$_MEIPASS2
                                                                                                                                                                                                                              • API String ID: 4189425833-927121926
                                                                                                                                                                                                                              • Opcode ID: 8ebfe7059a54402c64c68e21c39801e2fb5ea730c5c0cfbb639ef1c605efbae3
                                                                                                                                                                                                                              • Instruction ID: c02d53fb64f674695152dfa8069d8a4250cb6ab8c19a0ad24677160485427e72
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ebfe7059a54402c64c68e21c39801e2fb5ea730c5c0cfbb639ef1c605efbae3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4241D451B0868256EA14FA229C402FBD756BB49BC4FDC4531EE0D4778ADE3DE3858320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,61B01278), ref: 61B802FD
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 61B8047E
                                                                                                                                                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 61B8046A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                                                              • API String ID: 544645111-395989641
                                                                                                                                                                                                                              • Opcode ID: aee287c199cf33277f329d6aae33969ddea20c84b66125ba21e16ea2ef070a3c
                                                                                                                                                                                                                              • Instruction ID: c5fd76c34e39edaee6ddafe832338e6e0bdd48de5e0adc9a878af7507acf2649
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aee287c199cf33277f329d6aae33969ddea20c84b66125ba21e16ea2ef070a3c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58912531B432C186EB9C87A9D49078E7762E785FE8F58C515CE28C7798DB3DC4828711
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: freemallocmemcpystrchrstrlen
                                                                                                                                                                                                                              • String ID: and,$http://$local$or,
                                                                                                                                                                                                                              • API String ID: 3771145599-2506292620
                                                                                                                                                                                                                              • Opcode ID: 8978a69ec6f205f330e6b8afda094de8ba858ffbd3a3ea8c53bb8bbdf8c3f12f
                                                                                                                                                                                                                              • Instruction ID: 9601221c719cd5f6fb509eebee93cb4ac97cc1eb67bcf5c4b2f47947d1166967
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8978a69ec6f205f330e6b8afda094de8ba858ffbd3a3ea8c53bb8bbdf8c3f12f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5231C92130E2D895FE598A6369023592F55E746FBCF4DC7258D38177D8EB3AC06AC310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for list, xrefs: 61B0AFC7
                                                                                                                                                                                                                              • bad marshal data (list size out of range), xrefs: 61B0A911
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_List_Occurred
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for list$bad marshal data (list size out of range)
                                                                                                                                                                                                                              • API String ID: 1902535023-3453879413
                                                                                                                                                                                                                              • Opcode ID: d2d59ec360bb5896bd4c5d37338355f9489aa7492166ace217e88b88132b05f7
                                                                                                                                                                                                                              • Instruction ID: 73a3103313c6c978f0d9461e876c6d85ef9c561e08f7224aa3adab6621a3101c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2d59ec360bb5896bd4c5d37338355f9489aa7492166ace217e88b88132b05f7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83313C75706BC0C2EE198FA6E98835E2B66FB85BC2F09D915C91E07724EF39D099C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • NULL object in marshal data for tuple, xrefs: 61B0ADFB
                                                                                                                                                                                                                              • bad marshal data (tuple size out of range), xrefs: 61B0ABF9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_OccurredTuple_
                                                                                                                                                                                                                              • String ID: NULL object in marshal data for tuple$bad marshal data (tuple size out of range)
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: 8$?$?$@$MD5$in != NULL$md != NULL$src/hashes/md5.c
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                                                                              • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcpy$mallocstrncpy$callocfreestrlenstrncat
                                                                                                                                                                                                                              • String ID: Cannot allocate memory for necessary files.$_MEIPASS2
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: aes$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_$AppendDeallocItemList_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2970173465-0
                                                                                                                                                                                                                              • Opcode ID: d0938e8c1a24ab3d163836ce2b0b832fb71dda0a1f94966fd6b6b719b6e0f183
                                                                                                                                                                                                                              • Instruction ID: eedaa17758fadcf77dfd0d6225e77a7785e80947d875e3661ebce89b9c2793ce
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0938e8c1a24ab3d163836ce2b0b832fb71dda0a1f94966fd6b6b719b6e0f183
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29312A32206AC085EA1D8FB7E95435A2BB5EB4ABD2F08D824CE4E56724DF3AD485C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3483679945-0
                                                                                                                                                                                                                              • Opcode ID: 5510cbac09db3d817eb6147e547b05da115b4a753e76e1fbfd9e4669b3e47d88
                                                                                                                                                                                                                              • Instruction ID: 72d994a1b90bdd1663f03bfffa35fe1ebcc58173b7788c6e8be01080753ad3ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5510cbac09db3d817eb6147e547b05da115b4a753e76e1fbfd9e4669b3e47d88
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B11D31570969554EE18D7B77C017AE8642AFCBBD8F5DC236AD2C973A8EE38C0438310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FormatOccurred
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 4038069558-1595188566
                                                                                                                                                                                                                              • Opcode ID: 82006f7ce88fa6bd74cfb86f51dfee8866e5d69e158f17c8921e5f117b2a6508
                                                                                                                                                                                                                              • Instruction ID: a12a7746886db53e85ca41a5336f5c84a175914da9bd1eef6dd4f65c5c49bf5f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82006f7ce88fa6bd74cfb86f51dfee8866e5d69e158f17c8921e5f117b2a6508
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF41B2766157C086EB0C8BAAE8913AA7F71FB86BC9F4CD115DE4A07B25DF29C181C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: signal
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 1946981877-1584390748
                                                                                                                                                                                                                              • Opcode ID: 05b1e34c6bf78682c3d01b39c2e2f2da562612bbac15c1d0debb4947591295aa
                                                                                                                                                                                                                              • Instruction ID: 568311e482fbea8772b50f3cf93ac0dd3cde2403c3e6edeba886b35b8749b4b6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05b1e34c6bf78682c3d01b39c2e2f2da562612bbac15c1d0debb4947591295aa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65318E246671C149FFDD62B984603683512EB8AFF8F29CB158979C73D1CE6884D10A53
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B098A0
                                                                                                                                                                                                                              • PyUnicode_DecodeUTF8.PYTHON39 ref: 61B0A06F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • surrogatepass, xrefs: 61B0A065
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61B0A846
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DecodeErr_OccurredUnicode_
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)$surrogatepass
                                                                                                                                                                                                                              • API String ID: 1138423624-4021928140
                                                                                                                                                                                                                              • Opcode ID: 45ebbcbf1cf93850d7e84a196a691875e40f79ef29fc15d5c5264f980fa23018
                                                                                                                                                                                                                              • Instruction ID: cc8f48521be275e312b95f727df5e684e1ce9067c33099acc9c4492dcfe7b6b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45ebbcbf1cf93850d7e84a196a691875e40f79ef29fc15d5c5264f980fa23018
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F631C032746AD0C2EA1ACF25D44879B7B65FB88BD2F09D610CE5917724EF39C586C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                                                                              • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                                                              • API String ID: 459917433-1672312481
                                                                                                                                                                                                                              • Opcode ID: 696fa15e9a169d44d63b3c68501df3aa8fcdba14f0ced5310722a0b4d7182a0b
                                                                                                                                                                                                                              • Instruction ID: 53a631578fbe00bab3f2709f7c7891648cd212928bcd89b84408eb035700a48f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 696fa15e9a169d44d63b3c68501df3aa8fcdba14f0ced5310722a0b4d7182a0b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D413322B0AB838AEB509F24D860E6A2395EF457B8B544735E57D46BF8DF3CE5449300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$FetchFormatFromObject_RestoreWindowsstrerror
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 2858978339-1595188566
                                                                                                                                                                                                                              • Opcode ID: eefe142c4642bae70b1a88c3cacac5445fb3c19b340f80279b1882085b61f10f
                                                                                                                                                                                                                              • Instruction ID: c3886415d4423d6fc8930ea4938a82bd20485182c9c7e34eff700c2aa433bca5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eefe142c4642bae70b1a88c3cacac5445fb3c19b340f80279b1882085b61f10f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B21C536A05B8485EB08DB69E8503DA7B61FBCAB85F4D9026CE4E13760EF3EC545D740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B0EC18
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B0EC37
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              • Opcode ID: 29014a9f1143d524c77be752f9d588df1f557af2292ed8a489b4943db7c01334
                                                                                                                                                                                                                              • Instruction ID: 722487c14827ec52d5c049db3b1e9446768bab6f34b323bf4f186bef2c941636
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29014a9f1143d524c77be752f9d588df1f557af2292ed8a489b4943db7c01334
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83110C30309A9081FB184BBBE88439D1762EB48FD6F0C9221CD6E877A0EF2D8555C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharErrorFormatLastMessageMultiWide
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1653872744-2573406579
                                                                                                                                                                                                                              • Opcode ID: ad2549d3c2a23705f7db247113c1d342cb32283b1be670dbff4683e9cb5cf3dc
                                                                                                                                                                                                                              • Instruction ID: cbb7016172ae3ed8332ddfd02595a66b937e3be9630b98f9ed0b25fdbda4c009
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad2549d3c2a23705f7db247113c1d342cb32283b1be670dbff4683e9cb5cf3dc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D421AE71B08A0386F760BB14FC103ABA2A2AB54384FEC5134E94D066A8DF3DD789C720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B0ECDB
                                                                                                                                                                                                                              • EOF read where not expected, xrefs: 61B0ECF7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                                                              • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                                                              • API String ID: 28673812-3742967138
                                                                                                                                                                                                                              • Opcode ID: 84e58e263e89242c7db58cbab6e158a81eb99757aeda5d6cfe109509a83378be
                                                                                                                                                                                                                              • Instruction ID: a4b675aef65fee9cf85b7a08a1631f3135f9b4006caf3024ed1c6433f420c2bf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84e58e263e89242c7db58cbab6e158a81eb99757aeda5d6cfe109509a83378be
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A11803170155081FE185BABEC447882722EB88FA9F0C92A5CD1D577F0EF3E89958340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                                                              • API String ID: 306872129-2031961738
                                                                                                                                                                                                                              • Opcode ID: 62c1e751ebf593be3f94ceed5bc86df17949ce4eea6d269294c199aa512509b0
                                                                                                                                                                                                                              • Instruction ID: 2d7f675fc09b763ab6816ece0218e7904559ec669eaadda46bc7fe875c571b6b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62c1e751ebf593be3f94ceed5bc86df17949ce4eea6d269294c199aa512509b0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29123572208BC186E7648F62E44579EB7A4F784BD8F15811AEE8D87B5CDF79C488CB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_hash.c, xrefs: 61B1DF97
                                                                                                                                                                                                                              • hash != NULL, xrefs: 61B1DF9E
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                                                              • API String ID: 1475443563-1465673959
                                                                                                                                                                                                                              • Opcode ID: 71f33f053bfc6d170c4642ac664f2860cd1ba63ce4754980c6c4929138d2273b
                                                                                                                                                                                                                              • Instruction ID: a44304e503c83ed70b9f9436c4e8189ac9c69d0f2669fcc5b0f2bb04aee34c0a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71f33f053bfc6d170c4642ac664f2860cd1ba63ce4754980c6c4929138d2273b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6619F3330179486EB58CB66E888B9A7768F315BC8F458029CF9987B58DF35D25AC350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • prng != NULL, xrefs: 61B1E1F6
                                                                                                                                                                                                                              • src/misc/crypt/crypt_register_prng.c, xrefs: 61B1E1EF
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memcmp
                                                                                                                                                                                                                              • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                                                              • API String ID: 1475443563-58737364
                                                                                                                                                                                                                              • Opcode ID: 49c317bf793ba11d15a81e5eed9291ea8fe905187102030b50ef7097bdccf5b6
                                                                                                                                                                                                                              • Instruction ID: 6af7e058195f4223adb805358da4156d613090465f35914179ae18dd76ac9575
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49c317bf793ba11d15a81e5eed9291ea8fe905187102030b50ef7097bdccf5b6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C151CE32341BC896EB55CB53E885BDE7768F744BC8F4A8126CF6883A44EB38D168C750
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                                                              • API String ID: 1004003707-2030105502
                                                                                                                                                                                                                              • Opcode ID: 6f9cfd9346a890ceddbc66431ce84316e4a6c60c3f02d62629bc5ea029c0ba6c
                                                                                                                                                                                                                              • Instruction ID: 6c3fa3408b18e8f1165e8371d7611151032c157031ec128dec672afd45926b01
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f9cfd9346a890ceddbc66431ce84316e4a6c60c3f02d62629bc5ea029c0ba6c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D631542230A5C789FF1CCA96A5D97FE6761EF86BC8F05C1118F2A8B948EB18D146C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • name != NULL, xrefs: 61B1D898
                                                                                                                                                                                                                              • src/misc/crypt/crypt_find_cipher.c, xrefs: 61B1D891
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strcmp
                                                                                                                                                                                                                              • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                                                              • API String ID: 1004003707-679692990
                                                                                                                                                                                                                              • Opcode ID: db0b58119e908a2814711f83c74fa0370cfe68f8348609082adae5355a358e33
                                                                                                                                                                                                                              • Instruction ID: 841acef652e037cadbda7f32f595969adaf96208e5ffc0740a51c6f1af3d8e23
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db0b58119e908a2814711f83c74fa0370cfe68f8348609082adae5355a358e33
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F731842230A5C749FF1CCA9AE9997FD6762EB80BCCF05C1148E2D8B948EB14D146C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fclose$strlen$clearerrferror$_wfopenfreadfwritestrcpystrtok
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4076046571-0
                                                                                                                                                                                                                              • Opcode ID: 6d24cda0018d9f1c40f634b24b6ae431e22c7f77f308e1a816bf5789cf7c1e90
                                                                                                                                                                                                                              • Instruction ID: ed3099dc85e6c3536c0d3cadadf150d5446d8104c987ccdc8f2ff194a6ef7f87
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d24cda0018d9f1c40f634b24b6ae431e22c7f77f308e1a816bf5789cf7c1e90
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE213A10B0D24345F9A576165E113BBC18A1F91BE4FAC1130ED1E1BBC6ED2EEB414270
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$___lc_codepage_func___mb_cur_max_funcfputwcmemsetstrlen
                                                                                                                                                                                                                              • String ID: %*.*S$%-*.*S$%.*S
                                                                                                                                                                                                                              • API String ID: 1485978544-2115465065
                                                                                                                                                                                                                              • Opcode ID: 29922263b1f62db41a3f93710390ba13a1f3212ebb201cd2458deb1966da752c
                                                                                                                                                                                                                              • Instruction ID: f4aa763495daee2573bfae5fcf5897ff6fab45887a50bc98992e4ac592b01431
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29922263b1f62db41a3f93710390ba13a1f3212ebb201cd2458deb1966da752c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79810A76B04B498BEB60DF2ACC806AE77E0F748BD8B458525EE4C47B58DB38D540CB50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ObjectSizeSys_Unicode_getenv
                                                                                                                                                                                                                              • String ID: LANG$PYARMOR_LANG$_PARLANG
                                                                                                                                                                                                                              • API String ID: 223123148-1822377752
                                                                                                                                                                                                                              • Opcode ID: 30b5e18f22aa5914352ff6185fcf0074db6a641bf9662b31f3ba382aa441b1df
                                                                                                                                                                                                                              • Instruction ID: 902f088ff233dc0af2dcbff7b547e1a6b5cc63c66d892f2c139c5f55f1936de5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30b5e18f22aa5914352ff6185fcf0074db6a641bf9662b31f3ba382aa441b1df
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD51F5A22092D085FB4E8BA5D5803AD3FB3E745FCEF4EC016DA6907361D72AC099C710
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastsetsockopt
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                                                              • API String ID: 1729277954-1872632005
                                                                                                                                                                                                                              • Opcode ID: 4436fc6254bc72a54972405be3f68e9f830346a03ab368bea1c244b879c7c278
                                                                                                                                                                                                                              • Instruction ID: 8f7bc476bdd0b1eefd3d70dbdd008bdd5c9519ec90e082f89d8d107091be2ea0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4436fc6254bc72a54972405be3f68e9f830346a03ab368bea1c244b879c7c278
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2519021B095438AF7249B11E824BAA6360FF81B48F144235E67D47AEDCF7DE545DB10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule$AddressProc
                                                                                                                                                                                                                              • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                                                                              • API String ID: 1883125708-1130596517
                                                                                                                                                                                                                              • Opcode ID: d7003f0cb0e0d0039ea82a20f93083a2f03f09b28b401cdfd41ce747ed1fa16f
                                                                                                                                                                                                                              • Instruction ID: 9594975beb874f6986d7db9ebc6acbade1d77c059c72ce932faa7ba3d09583ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7003f0cb0e0d0039ea82a20f93083a2f03f09b28b401cdfd41ce747ed1fa16f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58512B26E0AB8382F7259F28E82097423A0FF59768F145735D97C966F9EF7CB1918340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-27947307
                                                                                                                                                                                                                              • Opcode ID: 2545d0353a916761d4542fb4aef4a3359127c86309c8a96d9da67dca59b4f963
                                                                                                                                                                                                                              • Instruction ID: fca7f80cb3b30287f1915d42e4579255b9296baab424beed0b9a74e16cf045be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2545d0353a916761d4542fb4aef4a3359127c86309c8a96d9da67dca59b4f963
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8021B521B08B0688F664BB65AC5037BE692AF543D4FAC4135EE4D06AD5DF7DD2488320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Out of memory.$WideCharToMultiByte$win32_wcs_to_mbs
                                                                                                                                                                                                                              • API String ID: 1374691127-3831141058
                                                                                                                                                                                                                              • Opcode ID: 7687b120f5d68f14857768de490d6f183c415b6ed4b9c9d44ffb99422ad470ab
                                                                                                                                                                                                                              • Instruction ID: 1741a48fd9d5f1e1b54171ad7304172594eb265a8bc860694ca178a6d5a88e8e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7687b120f5d68f14857768de490d6f183c415b6ed4b9c9d44ffb99422ad470ab
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6921CF22A0C70B49E760BB25EC4037BE692EB443D4FE84235ED4D066D8DF7DE2888320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _errnostrerror$_strdupcalloc
                                                                                                                                                                                                                              • String ID: LOADER: failed to allocate argv_pyi: %s$LOADER: failed to strdup argv[%d]: %s
                                                                                                                                                                                                                              • API String ID: 4278403329-2782260415
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: malloc
                                                                                                                                                                                                                              • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                                                              • API String ID: 2803490479-2931318352
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$calloc
                                                                                                                                                                                                                              • String ID: %s%s: %s$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                              • API String ID: 1374691127-2292745976
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                                                              • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                                                              • API String ID: 81049052-1471988776
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 896588047-3916222277
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyUnicode_FromKindAndData.PYTHON39 ref: 61B09949
                                                                                                                                                                                                                              • PyErr_SetString.PYTHON39 ref: 61B0A2A9
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61B0A29C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DataErr_FromKindStringUnicode_
                                                                                                                                                                                                                              • String ID: EOF read where object expected
                                                                                                                                                                                                                              • API String ID: 3898585613-3634523442
                                                                                                                                                                                                                              • Opcode ID: eb6e1e02158bd31b0cbdec0361169c0c960212fea9195114e11781c23b7e32fd
                                                                                                                                                                                                                              • Instruction ID: 7a873052cd24cb78dec0bd64db7be6db84f1f6d9c472928d480c8d280ba23f86
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb6e1e02158bd31b0cbdec0361169c0c960212fea9195114e11781c23b7e32fd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1731D1723056D0C1EA1ACF29D48879B3B65EB84BD2F09C620CE5D173A4DF39D985C780
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • marshal data too short, xrefs: 61B08D6C
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61B08D19
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_S_string_to_doubleStringmemcpy
                                                                                                                                                                                                                              • String ID: EOF read where object expected$marshal data too short
                                                                                                                                                                                                                              • API String ID: 1651926552-3827827332
                                                                                                                                                                                                                              • Opcode ID: 115807d9f098874f0aea156f9a191aac1375a3a0cc70513879ce74af88c395dd
                                                                                                                                                                                                                              • Instruction ID: a7d5eb50925854b3757ea1b77591ab04dab704149121dea3d3446e91952e8253
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 115807d9f098874f0aea156f9a191aac1375a3a0cc70513879ce74af88c395dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B318072706A8485EF19DB7AF4503A83B71EB44F89F4893258E1D07368EF39C6A5D640
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B037ED
                                                                                                                                                                                                                              • _PyObject_CallMethod_SizeT.PYTHON39 ref: 61B037FF
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B0380B
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B03883
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallDeallocMethod_Object_Size
                                                                                                                                                                                                                              • String ID: %U.%s$close$read
                                                                                                                                                                                                                              • API String ID: 3129687173-1885073756
                                                                                                                                                                                                                              • Opcode ID: 6636278560cdc5956eb2c2b2f870ce0f3a379f1cd1c949072ec38348d3f421b5
                                                                                                                                                                                                                              • Instruction ID: dc7b717563563dc48fa13742131a748cb86fe484ce6ba3202b29b9b887d9492b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6636278560cdc5956eb2c2b2f870ce0f3a379f1cd1c949072ec38348d3f421b5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C611707631266098EA49DB66FC58B952B62BB06BC6F4CA5268E0806730DF7A8555C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleLibraryLoadModule
                                                                                                                                                                                                                              • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                                                                                                                                                                                                                              • API String ID: 384173800-1835852900
                                                                                                                                                                                                                              • Opcode ID: eaee1e63e91aae8617825249eef17aa572b6443aebcd8db626c500a16e78915b
                                                                                                                                                                                                                              • Instruction ID: 5d23a51a68c1411a3854bfd08df8d9f7865da761d777cee6d1c52ec2ef6b524e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaee1e63e91aae8617825249eef17aa572b6443aebcd8db626c500a16e78915b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD010924E0AA1B91E915BB05FC501BAA3A5BF897C5FDC5131CE0D17364AF2CE746C360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3559309478-0
                                                                                                                                                                                                                              • Opcode ID: f3a9fcf0a7bf179d3d669c786ac33edee2f67ffe8dfcee152f2b86ce1c998025
                                                                                                                                                                                                                              • Instruction ID: 5e1b9b9f83be9eaffc2510a99151ca1699650237ee77e319685eb06c10fc5110
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3a9fcf0a7bf179d3d669c786ac33edee2f67ffe8dfcee152f2b86ce1c998025
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73919CB2611B8086DB18CFA9D5403893BB5F749FE8F55861ADF6D17398DB39C2A1C380
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: callocfree
                                                                                                                                                                                                                              • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                                                              • API String ID: 306872129-3913984646
                                                                                                                                                                                                                              • Opcode ID: af6611bcf8bc8532ff7b5891d3586037ab2899eb077e8579c12c8f285c8a9c26
                                                                                                                                                                                                                              • Instruction ID: c23dcfd06bf3b01ba3beaa6a50fc6685384b18a3410eca9379c4dcab7ed173f9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af6611bcf8bc8532ff7b5891d3586037ab2899eb077e8579c12c8f285c8a9c26
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05417D723296C18AEB748F66E8407EEB664F388748F488119CEAC47B49DB7DC149CF51
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mem_$Free$FromList_MallocMarshal_ObjectPy_fstat_noraiseReadStringfread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 308550609-0
                                                                                                                                                                                                                              • Opcode ID: 19f771d24e7a45f260c9508a61e4718a9ec0a7748a8644049b41f036da33a059
                                                                                                                                                                                                                              • Instruction ID: 6fd39da0536349ef6a37a3dc17d18bb97062080daa49331f4c5bc2af8a51cae6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19f771d24e7a45f260c9508a61e4718a9ec0a7748a8644049b41f036da33a059
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D521A532605B8084EA198FA6F8443ADAB74EFC5BEAF084224EE9D57764DF3CC095C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID: _image_data$exit$rename ::source ::_source$source$tclInit$tcl_findLibrary
                                                                                                                                                                                                                              • API String ID: 1294909896-1126984729
                                                                                                                                                                                                                              • Opcode ID: ee9cf1b83a3d49322b5e437d2bf84e7f86a44cec4b3cba424cd1bb4a22fceacc
                                                                                                                                                                                                                              • Instruction ID: eab4dd0b926c2c0a619ba2fcf92d1fade8526a57d71ff20f9268ca23d41fadda
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee9cf1b83a3d49322b5e437d2bf84e7f86a44cec4b3cba424cd1bb4a22fceacc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B71FD36A09E4686EB10AF21EC547AAB360FB48F89F884136DE4D57764DF3CD649C360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • VirtualProtect failed with code 0x%x, xrefs: 61B8015A
                                                                                                                                                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 61B801A8
                                                                                                                                                                                                                              • Address %p has no image-section, xrefs: 61B801B9
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: QueryVirtual
                                                                                                                                                                                                                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                                                              • API String ID: 1804819252-2123141913
                                                                                                                                                                                                                              • Opcode ID: eeb21abcfde7cb52b47a034fb5214d4299c538f0d650c03fb7509cdd85a93301
                                                                                                                                                                                                                              • Instruction ID: 1149eaddffca3a308ec1cef0bd91f65a27370026d9472534930ec6c1472a3d84
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eeb21abcfde7cb52b47a034fb5214d4299c538f0d650c03fb7509cdd85a93301
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6519F72702B8586EB558F66E84079D77A1FB89FE4F08C226DE69873A4DB39C542C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                                                              • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                                                              • API String ID: 3017659097-909561481
                                                                                                                                                                                                                              • Opcode ID: 3c2fc2ed303511279a16adede630b6ebe0e1095a82d9867975c1937a9c595aeb
                                                                                                                                                                                                                              • Instruction ID: 1e67a6acb2ca3bd7f9a24b18716a220875ede5d17a0dc791fc6ab36d5f6c13e4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c2fc2ed303511279a16adede630b6ebe0e1095a82d9867975c1937a9c595aeb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E41B132B09A468AEB15DF11E8609AA73A0FF85B98F444130EE5C4B7ADEF3CE505C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscat$ByteCharMultiWide_wrmdirwcslen
                                                                                                                                                                                                                              • String ID: _MEIPASS2
                                                                                                                                                                                                                              • API String ID: 3789554339-3944641314
                                                                                                                                                                                                                              • Opcode ID: 96c3ffd8a9f7418ae10f1445c318b44d92cba0f883aef55ab62338f85fa98de8
                                                                                                                                                                                                                              • Instruction ID: fa35194f80666ea8afcf5d6bde31baac4f0b36ef2da3bf4919086d6bcb5d91c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96c3ffd8a9f7418ae10f1445c318b44d92cba0f883aef55ab62338f85fa98de8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 88210552B0814248E960BB16AC446FBE252BB85BE0FDC9531EE1E1B7C6ED3DE741D320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • EOF read where object expected, xrefs: 61B09877
                                                                                                                                                                                                                              • bad marshal data (unknown type code), xrefs: 61B09EC7
                                                                                                                                                                                                                              • recursion limit exceeded, xrefs: 61B09EF0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                                              • String ID: EOF read where object expected$bad marshal data (unknown type code)$recursion limit exceeded
                                                                                                                                                                                                                              • API String ID: 1450464846-1585441539
                                                                                                                                                                                                                              • Opcode ID: b4f4a0f393cf0819738eba53f74bfccfd93ff3c0182712bfa7e87c8eb31199df
                                                                                                                                                                                                                              • Instruction ID: aa69b6a7a6346ba8302e3fcef42d413bfd194375429623b3c22af707d95345c6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4f4a0f393cf0819738eba53f74bfccfd93ff3c0182712bfa7e87c8eb31199df
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B318F72204AC581EB258F29E8847E97B75EB88B96F489211DE5D163B0EF39C59AC300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen
                                                                                                                                                                                                                              • String ID: %U?%llu$Failed to append to sys.path$Installing PYZ: Could not get sys.path$path$strict$utf-8
                                                                                                                                                                                                                              • API String ID: 39653677-2762566162
                                                                                                                                                                                                                              • Opcode ID: 38afba6078b464e7bce29b3b02907e9609ced751e64e5a12c42e31d9d0db83e8
                                                                                                                                                                                                                              • Instruction ID: 1dcff61cdbb7bde23abe7437a42db6862a4954d33ba51825fb1ae2744ddfd38f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38afba6078b464e7bce29b3b02907e9609ced751e64e5a12c42e31d9d0db83e8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA113026B09A4A81EA00BF15EC511BAA361AF58FD5FDC4131CE1D53764EE3CE696C720
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (bytes object size out of range), xrefs: 61B0A932
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Bytes_Err_FromOccurredSizeStringmemcpy
                                                                                                                                                                                                                              • String ID: bad marshal data (bytes object size out of range)
                                                                                                                                                                                                                              • API String ID: 2675459810-66224825
                                                                                                                                                                                                                              • Opcode ID: dff7100d27f901b6f3801151527ff4bee7996ec9a93b319a330600d7ccb6ade7
                                                                                                                                                                                                                              • Instruction ID: 31a7dc99e944fca0e4914a7a392497dfbe7b30e26b8eb5064022806a7f7da908
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dff7100d27f901b6f3801151527ff4bee7996ec9a93b319a330600d7ccb6ade7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6117971306AD1C2EE18DF66D488B5E2B66EB85BC2F09DA04CE1D07764DF38D685C780
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Number_$DeallocErr_InvertNegativePositiveString
                                                                                                                                                                                                                              • String ID: Invalid operator
                                                                                                                                                                                                                              • API String ID: 4031754375-2676212410
                                                                                                                                                                                                                              • Opcode ID: 153f947444b075e187c9a3dc6dae1468cea5cc364cfaf74b2c34dfda64341c20
                                                                                                                                                                                                                              • Instruction ID: 5e9694a1f9a0877c3d964e71f522bcaa2bff875b749481059f72b009ebe7e386
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 153f947444b075e187c9a3dc6dae1468cea5cc364cfaf74b2c34dfda64341c20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1F0623121DB80C1FB184BBAE8853697B62EB49B81F5D9511DA1A8233CDF3980F48A01
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _stat64$freemallocmemcpystrlen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4289191721-0
                                                                                                                                                                                                                              • Opcode ID: 0a89451c1f3271c781db0f924b37f4a357cd3367adafa240d1bdf056041d3e6b
                                                                                                                                                                                                                              • Instruction ID: 2707f21bd0770a6b8d8e4c9b3a28c7f83fd8698a66e8d8752502f43f5074ba4c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a89451c1f3271c781db0f924b37f4a357cd3367adafa240d1bdf056041d3e6b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 545190A250A6D08CE7988FA6E08032E7BB2E786F99F4CC112DAB446748D73EC085C751
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                                              • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                                                              • API String ID: 1114863663-369496153
                                                                                                                                                                                                                              • Opcode ID: 76ebc8432138411813c07845d42988893309dd1a6d76f7020175b04a709ee0a5
                                                                                                                                                                                                                              • Instruction ID: e38df5e9ea9fd3a62d418b337fe439406b74020777bd9c0570475680e05c1e02
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76ebc8432138411813c07845d42988893309dd1a6d76f7020175b04a709ee0a5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D441CF13F0DA8346FB149B25A960B7A2691BF49BD8F089130E96E47AEDDE3CE410C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$ByteCharMultiWidefreememsetstrcpystrtok
                                                                                                                                                                                                                              • String ID: WARNING: file already exists but should not: %s
                                                                                                                                                                                                                              • API String ID: 901113649-146164175
                                                                                                                                                                                                                              • Opcode ID: 1e8701fb1cedbc187cc210052cc9ef721ec9a4cd787dd6d5b31c85d96cfeef03
                                                                                                                                                                                                                              • Instruction ID: f4af8d2194830ce4e815c9a9e58a5fffb888d1e8f7f685c724b2f1091a863a50
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e8701fb1cedbc187cc210052cc9ef721ec9a4cd787dd6d5b31c85d96cfeef03
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3317252B4855645FA61B712AC116FBC242AF44BC4FEC4431EE0E47BC6DE2DE789C260
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Dict_Item$Eval_Globals
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 298195719-0
                                                                                                                                                                                                                              • Opcode ID: 4d059f2c4b9701c1d634b37135ab13500449d0bc37c87962cd1b3a21754e061e
                                                                                                                                                                                                                              • Instruction ID: 2791c87af67231bafc2fc096843909841b2668f22166b383f46d1a7e2336bfeb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d059f2c4b9701c1d634b37135ab13500449d0bc37c87962cd1b3a21754e061e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F115E62F0E65582FE0E97A77C563C51152EB89FD0F4ED125CD0986718EE2CC8E29250
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcscatwcscmp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3846154227-0
                                                                                                                                                                                                                              • Opcode ID: d6935a6bedf87a00fe86b0961995327ae8b14cc3a7484df73dc8f561e4ba821a
                                                                                                                                                                                                                              • Instruction ID: c267cb8b09946727a04d5037e105af57d98f778980f92874f5e94f241c5cef6b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6935a6bedf87a00fe86b0961995327ae8b14cc3a7484df73dc8f561e4ba821a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2114F15B0C54749FA64BB62AD102BBD296AF84BC0FEC5131DE0E462D6EE2DF7458231
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for spp code, xrefs: 61B0FD8B
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualexitmemcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for spp code
                                                                                                                                                                                                                              • API String ID: 693558432-822294455
                                                                                                                                                                                                                              • Opcode ID: bb8165bb744ef8a7c5167f3725f56bd7d50b92b61591435aa02a1acb66b29033
                                                                                                                                                                                                                              • Instruction ID: 1bcb0b2df784a098ce1e9d14a3c8fa84f4929e95bde2c8ab02280c086c6d5fc3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb8165bb744ef8a7c5167f3725f56bd7d50b92b61591435aa02a1acb66b29033
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B951B1B2706B8482EF598F45E8807597BA9FB49FD5F49812ADE6C47754EF38C0A1C304
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fwprintf$fputwc
                                                                                                                                                                                                                              • String ID: %*.*s$%-*.*s$%.*s
                                                                                                                                                                                                                              • API String ID: 2988249585-4054516066
                                                                                                                                                                                                                              • Opcode ID: a91dbb357188acd3bef83ce65dae52733958dc113a28ae759dd94a1ac569e38b
                                                                                                                                                                                                                              • Instruction ID: b126af5b3de7276bfc78cedb2a1afa26796ed10ea23dfc001b9cc14d8263756e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a91dbb357188acd3bef83ce65dae52733958dc113a28ae759dd94a1ac569e38b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6671FC76704B4A8BD760DF2AC8805AEB7E0F758BDCB458126EE4C87B58DB38D6508B50
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAFED000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB274000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB290000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243883982.00007FFDFB294000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: getnameinfohtonsmemset
                                                                                                                                                                                                                              • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                              • API String ID: 165288700-1606403076
                                                                                                                                                                                                                              • Opcode ID: a54a86e0d0d66bceffd3aa82d26d7bd0329323ae4690f52601e7025a57f027ce
                                                                                                                                                                                                                              • Instruction ID: 8263896dba9c5836f456f1433d56e78d43da17699ec0e1c008d031d62270068e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a54a86e0d0d66bceffd3aa82d26d7bd0329323ae4690f52601e7025a57f027ce
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F951E462B0E74395FB289B15E420AB973A4EF41744F404135EBAC4B6EEEF3DE9519700
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: CCG
                                                                                                                                                                                                                              • API String ID: 0-1584390748
                                                                                                                                                                                                                              • Opcode ID: a0283aa659fd33aefeedabfee0c046e1fb257396bb271c98490b9339e9f5d556
                                                                                                                                                                                                                              • Instruction ID: 626ca246157e81bd62f4a714a45c79304c261255a148602236dbce09e4688b86
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0283aa659fd33aefeedabfee0c046e1fb257396bb271c98490b9339e9f5d556
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA418472B0C6068AF720AB64DC4437E6261EB09358FB88635D92D977E4DF3DD7418320
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strlen$malloc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3157260142-0
                                                                                                                                                                                                                              • Opcode ID: aef00f34797e28bb353a7b399a5cc428336a3b483756a02c4461744f6fca86aa
                                                                                                                                                                                                                              • Instruction ID: 2a94c7b50533074bb623bd5c4c4e0f82675abcbc4e8eea69c0988d61b9fd7dfb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aef00f34797e28bb353a7b399a5cc428336a3b483756a02c4461744f6fca86aa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1113002B0B15648FDAABA561D117BBC5C21F4BBD4E9C4430EE0E0B782FD3FA6858360
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • catching classes that do not inherit from BaseException is not allowed, xrefs: 61B109C5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$DeallocExceptionGivenMatchesSizeStringTuple_
                                                                                                                                                                                                                              • String ID: catching classes that do not inherit from BaseException is not allowed
                                                                                                                                                                                                                              • API String ID: 1667255942-1287988286
                                                                                                                                                                                                                              • Opcode ID: 5adcac196ef0c8f053643b3de477d420928152ee9303c7eee5ad05488564db6c
                                                                                                                                                                                                                              • Instruction ID: 1b7a4d345772bed1493f97fa41fc064020f47b97ceda7cb862ff85c6a896c873
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5adcac196ef0c8f053643b3de477d420928152ee9303c7eee5ad05488564db6c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B216A7270978081FB0A8B6AE5517593B62EB85FD8F09D025CE4997728DF39C0A5C341
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • local variable referenced before assignment, xrefs: 61B10E5B
                                                                                                                                                                                                                              • No active exception to reraise, xrefs: 61B10E3C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$Format$Occurred
                                                                                                                                                                                                                              • String ID: No active exception to reraise$local variable referenced before assignment
                                                                                                                                                                                                                              • API String ID: 1084603930-1116140797
                                                                                                                                                                                                                              • Opcode ID: 628fdc05bb30a41019b07dac194d23d798ba03f3fcdcde95ef9a7a4c2b05edb8
                                                                                                                                                                                                                              • Instruction ID: 12fab69d4c888a50d5d521619ab7e7f52222d5fcaf6b0068f9c3fd0e8c8daefd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 628fdc05bb30a41019b07dac194d23d798ba03f3fcdcde95ef9a7a4c2b05edb8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6F0F871B0474992EF599BB6E88539423A6EF48B54F49A452CD1C87628EF6EC4FA8300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmovestrncpy
                                                                                                                                                                                                                              • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                                                              • API String ID: 3054264757-3422593365
                                                                                                                                                                                                                              • Opcode ID: 5eff037eaf7809de7dcaa94f4735428a5fed0677689cfa2f15099d1506398b4d
                                                                                                                                                                                                                              • Instruction ID: 20f660f637401da0fae26bac9c0e19e0de3fd50942efe6021b29a204d400b113
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5eff037eaf7809de7dcaa94f4735428a5fed0677689cfa2f15099d1506398b4d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1B1F263F0E68786EB148B159460BBAAB90FF45B98F144135EAAD477E9CF3CE405C700
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                                                                              • API String ID: 0-1864662394
                                                                                                                                                                                                                              • Opcode ID: 7a1b21664335a70d1b27420830f465c84bbc8acdefb246fc1d765d7cb2e805e1
                                                                                                                                                                                                                              • Instruction ID: 4505be46136bbe5d5feb013d0c224d1f8540651b4d63eb2a47a9a6d611e456b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a1b21664335a70d1b27420830f465c84bbc8acdefb246fc1d765d7cb2e805e1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1919C62F0DA8B8AE7249A15E460BB96390FF44788F404135EEAD47BEDDF7CE5408B11
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: sprintfstrlen
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c$/%d:$No any serial number of harddisk got
                                                                                                                                                                                                                              • API String ID: 1090396089-4267867539
                                                                                                                                                                                                                              • Opcode ID: 683a687afe8405ee7c72868aeb30811eaa4b392d0e83119636416083cb07546a
                                                                                                                                                                                                                              • Instruction ID: c8d41b6ff592a9f8f0dcfe5405850ed429ba7619dd433e86fed4efcef627bcbf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 683a687afe8405ee7c72868aeb30811eaa4b392d0e83119636416083cb07546a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C313B6370D4D049EB198ABDAC513DD6612E787BE4FAEC261CE248768CD63985C6D700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • PyFunction_NewWithQualName.PYTHON39 ref: 61B11C3C
                                                                                                                                                                                                                              • _Py_Dealloc.PYTHON39 ref: 61B11CC7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DeallocFunction_NameQualWith
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2691592392-0
                                                                                                                                                                                                                              • Opcode ID: 735ee46d915e5b90224fc02574616b79375755058dc410b7b242f6791ded3522
                                                                                                                                                                                                                              • Instruction ID: 06f394f4f0a54e0ea83a5175bfd41d8d95b6e19fba1cc4fef42fdd28c0633474
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 735ee46d915e5b90224fc02574616b79375755058dc410b7b242f6791ded3522
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B131A63264ABD0C5FA1EAFB6A5453A966B5FB65BD0F5EC521CE150AB1CEF35C0A0C300
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.3239603617.0000000061B00000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239745517.0000000061B82000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239780089.0000000061B86000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239809116.0000000061B87000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239863189.0000000061B9F000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239903012.0000000061BA2000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239936454.0000000061BA4000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000001.00000002.3239958317.0000000061BA8000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                                                              • API String ID: 0-3192267683
                                                                                                                                                                                                                              • Opcode ID: 82aa40e94a4f7519490f0608d201e4c24bd7140b13ae4a9f9e4943fd34274e50
                                                                                                                                                                                                                              • Instruction ID: d553af315a5c7f6a8f8c5cc1e29fbba28dcfc79a279c30862b19a7af23be707a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82aa40e94a4f7519490f0608d201e4c24bd7140b13ae4a9f9e4943fd34274e50
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C313A223096C145EB298B56B8007BE6B78F786BE9F4C8125FD1E4BB54EB3EC449C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61B08C60: memcpy.MSVCRT ref: 61B08CB9
                                                                                                                                                                                                                                • Part of subcall function 61B08C60: PyOS_string_to_double.PYTHON39 ref: 61B08CCB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09CF7
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09F9D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$S_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 282781714-0
                                                                                                                                                                                                                              • Opcode ID: 1874a9b96b9bd0995008c56d473ce98b161293cf47db44027a0b9db374968957
                                                                                                                                                                                                                              • Instruction ID: 6347bcac73f40dfc6e6e66c0a163f05a9b917c06fd80cd21e7b83a2eba003659
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1874a9b96b9bd0995008c56d473ce98b161293cf47db44027a0b9db374968957
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19119A716466C0CAEA1D9FB1D09875B2F25EF867C2F09E711C90A36260DF35E186C780
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61B08810: _PyFloat_Unpack8.PYTHON39 ref: 61B08841
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09E64
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09F3D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Occurred$Float_Unpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3006406168-0
                                                                                                                                                                                                                              • Opcode ID: da1a1d245800e9827d4567adaf4ac7c645b511a0a1a26ab099f29cd9934ca85d
                                                                                                                                                                                                                              • Instruction ID: 8ef2663151e9e5337fc6a7ac3af456dac2539e11ab4455d109aef618e5975ff4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da1a1d245800e9827d4567adaf4ac7c645b511a0a1a26ab099f29cd9934ca85d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E117C726457C0C6EA1E9FB1D05875B3F6AEF467C2F09E701C91A26264DF35E582C780
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522, xrefs: 00007FF756428461
                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone, xrefs: 00007FF756428462
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
• Associated: 00000001.00000002.3243111017.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243165970.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243188530.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243210648.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756445000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF75644B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243231456.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243296854.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3243317539.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free$ByteCharMultiWidecalloc
                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\jone$C:\Users\user\AppData\Local\Temp\_MEI63522\base_library.zip;C:\Users\user\AppData\Local\Temp\_MEI63522\lib-dynload;C:\Users\user\AppData\Local\Temp\_MEI63522
                                                                                                                                                                                                                              • API String ID: 3975185072-1761172607
                                                                                                                                                                                                                              • Opcode ID: 880aeea3a64644c42315b07d075456f1b472c650d68855346d196d5a26200ea4
                                                                                                                                                                                                                              • Instruction ID: 18fda35c71c29a55fb132355bcff963f0431c8c732653692f2541df828a06e2c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 880aeea3a64644c42315b07d075456f1b472c650d68855346d196d5a26200ea4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91010422B066154AEAA16619AE403BFD18A9F94BD9FAC4530CF4D02B81FE39F5858220
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: abortfwrite
                                                                                                                                                                                                                              • String ID: '$illegal index register
                                                                                                                                                                                                                              • API String ID: 1067672060-451399654
                                                                                                                                                                                                                              • Opcode ID: d498c3a48dfda33894e7f55c6776045515259492eb62f4b4c1e6e72c878be0db
                                                                                                                                                                                                                              • Instruction ID: 436dead20f9313c684bc37d861fe18bc19f37b6e42a25e396291ce4d5f456e49
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d498c3a48dfda33894e7f55c6776045515259492eb62f4b4c1e6e72c878be0db
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B916D7361ABC9C4EB168F3DE890A4C3F65E395F88B9AC212CA4C47754CA7EC466C311
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                                                              • API String ID: 0-2182492907
                                                                                                                                                                                                                              • Opcode ID: 5b884b43492598cd6b80067dc20c8753be66d41fa2426b499d1778d29b0ae056
                                                                                                                                                                                                                              • Instruction ID: daeded4868997a172b806be09d2148023158bd4650b946ad0d6ae7d184909da8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b884b43492598cd6b80067dc20c8753be66d41fa2426b499d1778d29b0ae056
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA51AD31B0E643A6F7289F21D420AA96361EF45B84F041135EA6D4BBEDDF3CE6089B00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • Failed to alloc memory for bcc code, xrefs: 61B0FEA7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtualfwritememcpy
                                                                                                                                                                                                                              • String ID: Failed to alloc memory for bcc code
                                                                                                                                                                                                                              • API String ID: 1603020442-783995166
                                                                                                                                                                                                                              • Opcode ID: dc502c32fccaa74e3bf8cd35a9b720c91ee368302f5f6ba7dcb9484fbe245e45
                                                                                                                                                                                                                              • Instruction ID: ca680b90ca7d1e8e8e4867b314baa87d3197f86cae81bdf91822918b8ac2095d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc502c32fccaa74e3bf8cd35a9b720c91ee368302f5f6ba7dcb9484fbe245e45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24216BB2702B9486DB548F5AE8807697BA4F70DFD9F48952ADF4C43754EB38C4A2C350
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • bad marshal data (string size out of range), xrefs: 61B0A01F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$OccurredString
                                                                                                                                                                                                                              • String ID: bad marshal data (string size out of range)
                                                                                                                                                                                                                              • API String ID: 114435612-3115314950
                                                                                                                                                                                                                              • Opcode ID: cf5d26cb646b6e0b08b9da1f91e8f295e36aedc3bee6580d0cdf0c8c023d297b
                                                                                                                                                                                                                              • Instruction ID: c3618194fac1f2a7687b8474022ea8580f3b73818613baa0669bc8643444c6e5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf5d26cb646b6e0b08b9da1f91e8f295e36aedc3bee6580d0cdf0c8c023d297b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F51102323026C085FE1A8F29E44439A2BA1EF88BD6F08D624CE0C17764EF39D5C6C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Formatexit
                                                                                                                                                                                                                              • String ID: %s (%d:%d)$\(
                                                                                                                                                                                                                              • API String ID: 2212715685-1109738240
                                                                                                                                                                                                                              • Opcode ID: 750850b2967b4fb555b7a3b326c149d98a356eb9a85894e9a703f71f34d31e8e
                                                                                                                                                                                                                              • Instruction ID: 66797bccbb3de8363241aec52f21068cef87ae731b86e5788bd2d8ef17dcc1fb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 750850b2967b4fb555b7a3b326c149d98a356eb9a85894e9a703f71f34d31e8e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B110E76352BC489FB49CB69E8803993B61FB89B96F489552DE1D0B7A4CF3CC082C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF756428360: MultiByteToWideChar.KERNEL32(?,?,WideCharToMultiByte,?,Failed to get UTF-8 buffer size.,?,00007FF756422F80), ref: 00007FF756428396
                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF756422DD3
                                                                                                                                                                                                                              • MessageBoxA.USER32 ref: 00007FF756422DFB
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                              • String ID: Failed to get UTF-8 buffer size.$WideCharToMultiByte
                                                                                                                                                                                                                              • API String ID: 1878133881-785100509
                                                                                                                                                                                                                              • Opcode ID: 72291810d943b3fd7814dbfecb4b19948019f643a6276dfa9e98c327c838a6ae
                                                                                                                                                                                                                              • Instruction ID: 52c54167a6cecafd0d67fafef83bcc9f755c5ee7451f63539bc0a3fb07ce2473
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72291810d943b3fd7814dbfecb4b19948019f643a6276dfa9e98c327c838a6ae
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6201D27271878445EB306A26BC057EB9281BB48FC0F888034CE4D2BF89CE3ED6868714
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_$String$Occurred
                                                                                                                                                                                                                              • String ID: bad marshal data (invalid reference)
                                                                                                                                                                                                                              • API String ID: 1118661901-2759865940
                                                                                                                                                                                                                              • Opcode ID: 1320ded661b5327d561ca89795eac828451a0e9d12c6fb8b0c1db9cb0f167219
                                                                                                                                                                                                                              • Instruction ID: 357e0fde6e983e824d49ed95b42e6e12b103320a848b39fbcf9c6d62ad80897e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1320ded661b5327d561ca89795eac828451a0e9d12c6fb8b0c1db9cb0f167219
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D1117B1300A85C2EE08CF6AD58875A3B36FB89BD5F05E601CA1917370EF36D595C740
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastsocket
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                                                              • API String ID: 1120909799-2051290508
                                                                                                                                                                                                                              • Opcode ID: e8a12f5860b331eeb5ce7d2c174626199a70c7f9dd546f5556fd5a57dc2f225c
                                                                                                                                                                                                                              • Instruction ID: e694fb5164d4b00e847b323cda7fd8f54adb144b87ee9ee9486753e4e0d1d8a0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8a12f5860b331eeb5ce7d2c174626199a70c7f9dd546f5556fd5a57dc2f225c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF01C031F0854386E7149B21E4109AE6264FF40768F604635F77C476EDCF3DE9018B40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharFileModuleMultiNameWide
                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                              • API String ID: 1532159127-1977442011
                                                                                                                                                                                                                              • Opcode ID: 453c31c0de05adf2ef5b00bbe1a4aa2b08751834a0fa89641782537bb64b6f0e
                                                                                                                                                                                                                              • Instruction ID: a597aad63af2f4ea8d8a60125774c1655f0cac43122fbb8e2c1fa2127d7307b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 453c31c0de05adf2ef5b00bbe1a4aa2b08751834a0fa89641782537bb64b6f0e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF04F51B5C15345FA647A25EC053B782969F187C0FDC4432D80E962D6DD1EE78A9730
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • ../src/platforms/windows/hdinfo.c, xrefs: 61B12200
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                              • String ID: ../src/platforms/windows/hdinfo.c
                                                                                                                                                                                                                              • API String ID: 1365068426-2451707101
                                                                                                                                                                                                                              • Opcode ID: c77ff458bce963d46a3da1710aa24575faa896877841cec891ac37451e0b6d26
                                                                                                                                                                                                                              • Instruction ID: 60dfb8fbbee92ea657276e7695c5edc9ab11ce8d9396290b6838f0ba0b09845c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c77ff458bce963d46a3da1710aa24575faa896877841cec891ac37451e0b6d26
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F03931304B8182E7509B11E85538A7B72F7C9B85F245125DB8E43B78DF3EC15ACB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove
                                                                                                                                                                                                                              • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                                                              • API String ID: 2162964266-1972679481
                                                                                                                                                                                                                              • Opcode ID: f7fecd9361bddc965750e01324aed4324cb569f562dc2eb8dabd4dfa38720bf0
                                                                                                                                                                                                                              • Instruction ID: 20ba1e3d02ef39fd601e42085dcca11990b11a388ff6a19fe46f9a4601582c30
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7fecd9361bddc965750e01324aed4324cb569f562dc2eb8dabd4dfa38720bf0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF71C762B0E68389E715CF2984205BC3B70EB16B88F144276DEAC077DEDE2DD655D701
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAFED000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                                              • String ID: content-type
                                                                                                                                                                                                                              • API String ID: 1114863663-3266185539
                                                                                                                                                                                                                              • Opcode ID: 56ca444a9a8dfa9aa4abe6851fca9a9a5235b23e31a1969de246eae7ebda289b
                                                                                                                                                                                                                              • Instruction ID: 3873c702f576d2f0b2701c004118bf6c563f7a4d034d8da232a521996ec0f2db
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56ca444a9a8dfa9aa4abe6851fca9a9a5235b23e31a1969de246eae7ebda289b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56512A12B1E54345FB2557169470F7A6291AF4BBE4F480270EEBD476EDEF2CE501A300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1015461914-0
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • in != NULL, xrefs: 61B22299
                                                                                                                                                                                                                              • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 61B22292
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                                                              • API String ID: 0-85593093
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61B08C60: memcpy.MSVCRT ref: 61B08CB9
                                                                                                                                                                                                                                • Part of subcall function 61B08C60: PyOS_string_to_double.PYTHON39 ref: 61B08CCB
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09DA3
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON39 ref: 61B09FC4
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromOccurredS_string_to_doublememcpy
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1362591179-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 61B08810: _PyFloat_Unpack8.PYTHON39 ref: 61B08841
                                                                                                                                                                                                                              • PyErr_Occurred.PYTHON39 ref: 61B09CA1
                                                                                                                                                                                                                              • PyFloat_FromDouble.PYTHON39 ref: 61B09F64
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Float_$DoubleErr_FromOccurredUnpack8
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4123378784-0
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmovememset
                                                                                                                                                                                                                              • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                                                                                                                              • API String ID: 1288253900-779172340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_FromLongLong_Occurred
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4098471257-0
                                                                                                                                                                                                                              • Opcode ID: 02c02cb3908a6d2b22e12145e244b6671a3388e6bac1f093a3c7b303e63e56ae
                                                                                                                                                                                                                              • Instruction ID: c181e8ff06ebae32746cd30ad59da427b55f28333a09062ccffd7bae04793667
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 02c02cb3908a6d2b22e12145e244b6671a3388e6bac1f093a3c7b303e63e56ae
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D014B71702690C7EE1CCF61C55CB1B2F66EB85BC2F09E614C91A1B760DB35D941C784
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _time64
                                                                                                                                                                                                                              • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                                                              • API String ID: 1670930206-2648760357
                                                                                                                                                                                                                              • Opcode ID: 88c7a490ab53611d14af1a5616270064923f39c73e072f610315bbf64f80b1dd
                                                                                                                                                                                                                              • Instruction ID: b1e01f20b6f1f5ee26d6717501327efe0373137f19d292294374d02e733b097b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88c7a490ab53611d14af1a5616270064923f39c73e072f610315bbf64f80b1dd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83512032B1C7818AE764DB19A450A6AB7A0FF88750F444235FA9D8BB9DDE7CE441CB00
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: getaddrinfo
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                                                              • API String ID: 300660673-2547254400
                                                                                                                                                                                                                              • Opcode ID: b79d4223b6bbc2254cee69598f955535b60997deb526dee558906d47e9ce2c0d
                                                                                                                                                                                                                              • Instruction ID: 02d3b2d5e6476d3dc3e82489330c32868af6ec0e7e64241227c60de80cb8b382
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b79d4223b6bbc2254cee69598f955535b60997deb526dee558906d47e9ce2c0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B541F332B1968387E7189F52AC50AAA7390FB85744F409139FA9947BDDDF3CE8449B40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastgetsockname
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                              • API String ID: 566540725-540685895
                                                                                                                                                                                                                              • Opcode ID: 9b3f69082bb4ff9df31645ea74426c0b24ab9634ee7b9ce917f3eb43321057d8
                                                                                                                                                                                                                              • Instruction ID: fab8f85ccf51f444c5fc4b8d0ffd4ea27d206e004d57489449abd7c02bccce5e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b3f69082bb4ff9df31645ea74426c0b24ab9634ee7b9ce917f3eb43321057d8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4521B072B1910786E714DB21D820AEE73A0FF80314F540236E67C466E8DF7DE599DB40
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-3474627141
                                                                                                                                                                                                                              • Opcode ID: 934d28cf377e416e679c76c03d7825dfe0d7072b15b0ed15d9bcd67d60b0941d
                                                                                                                                                                                                                              • Instruction ID: 4507c431c3f014fe02f93105a87113198c2be19689ec6ae4a1566cb69a917fc4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 934d28cf377e416e679c76c03d7825dfe0d7072b15b0ed15d9bcd67d60b0941d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D215E26A04F889AD7119F69DC413EAB375FF59798F884622EE8C17764EF38D285C310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Err_Format
                                                                                                                                                                                                                              • String ID: %s (%d:%d)
                                                                                                                                                                                                                              • API String ID: 376477240-1595188566
                                                                                                                                                                                                                              • Opcode ID: 7c6f4043983154f783567a2000c1661b4caecb761159c63e144181327e1162c3
                                                                                                                                                                                                                              • Instruction ID: baca64f9689e15c24ddbf5520a4abfc32b7cea0bfefad0fa0ad0fe234373bd99
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c6f4043983154f783567a2000c1661b4caecb761159c63e144181327e1162c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF01F737F0069489EB04976AE8403C93B61EF8DB45F8E8022CD5D17761DF29C582D340
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Message_errno
                                                                                                                                                                                                                              • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                              • API String ID: 1796756983-2410924014
                                                                                                                                                                                                                              • Opcode ID: 1666825682e16e442e24faf390726be1d2bdb50f8481b4348eba228f8a7c8d0d
                                                                                                                                                                                                                              • Instruction ID: 296dda392fd0c29eae96a99433fb29ec7c4cbf280e333c6d181a3faf7cb1a385
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1666825682e16e442e24faf390726be1d2bdb50f8481b4348eba228f8a7c8d0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44014422A1C68581E220BB51F8007DBA265FB957C0FE44135DF8C137598E3CD656CB54
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2468659920
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243111017.00007FF756420000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243165970.00007FF756439000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243188530.00007FF75643A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243210648.00007FF756443000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF756445000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF75644B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243231456.00007FF756454000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243296854.00007FF756455000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              • Associated: 00000001.00000002.3243317539.00007FF756458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4064033741
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2713391170
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4273532761
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-4283191376
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: fprintf
                                                                                                                                                                                                                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                                                                              • API String ID: 383729395-2187435201
                                                                                                                                                                                                                              • Opcode ID: 2a723d782a9163d01e90c9c1bb319a368f9ff43ef6c7322cc73139433fc85ca8
                                                                                                                                                                                                                              • Instruction ID: ac16880a99db95d332c32efd325a81ea44ce27055d595cf127c665e558cd8d9d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a723d782a9163d01e90c9c1bb319a368f9ff43ef6c7322cc73139433fc85ca8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5015E26A04F888AD7019F69D8402AAB775FB5D7D8F444722EF8D27B64DF28D2848310
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 61B1D706
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __iob_funcabort
                                                                                                                                                                                                                              • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                                                              • API String ID: 1307436159-2823265812
                                                                                                                                                                                                                              • Opcode ID: c313e283fabfa43c3c35fd5f87c5c523ee3ccf71d239e85539e8c8094bf8e99f
                                                                                                                                                                                                                              • Instruction ID: cb859e5d9bb51a4e2dd4bc2ebade6091fe65321b8d550b92be205b7305214185
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c313e283fabfa43c3c35fd5f87c5c523ee3ccf71d239e85539e8c8094bf8e99f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4D02E30220A8690DA20AB2AA800B9C2BA1FB89FD8F8C9001CC0C43B218B24C20AC300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastioctlsocket
                                                                                                                                                                                                                              • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                                                              • API String ID: 1021210092-540685895
                                                                                                                                                                                                                              • Opcode ID: d80158cf191a90923b6d34e95f28d0695f58e7fdc997def954971b504fcc12af
                                                                                                                                                                                                                              • Instruction ID: c274165c23b10094789b489cef6c31e7b0f8623e4d2b97085811b7e08ef740ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d80158cf191a90923b6d34e95f28d0695f58e7fdc997def954971b504fcc12af
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39E09A61F1E1078AF3156B209820FBA2250AF04319F000234F93DC66ECDE3DF6589A10
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243363379.00007FFDFAF51000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFAF50000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaf50000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: memmove
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2162964266-0
                                                                                                                                                                                                                              • Opcode ID: 9efe563d003fd66076313b71cb404c0874642dba01128f615f4830b04036b37e
                                                                                                                                                                                                                              • Instruction ID: 6a07aaff16b030584c046fbc82a0bdf00b0a179b666cecb7c5cc6146926e6630
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9efe563d003fd66076313b71cb404c0874642dba01128f615f4830b04036b37e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB11D622B0868186D710DF1AE1902AD6360EF447D0F444631EB6E47BEAEF28E5A5C700
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3239648862.0000000061B01000.00000020.00000001.01000000.00000011.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_61b00000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4020351045-0
                                                                                                                                                                                                                              • Opcode ID: 236f3410a99c66fb949126bd1ce2d3cd150a60c84afc01a74b262dbc83574073
                                                                                                                                                                                                                              • Instruction ID: 98110187d93f54d1a5ad4cd8c75d3b2d20109cad11679a39cc1c897d667d886c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 236f3410a99c66fb949126bd1ce2d3cd150a60c84afc01a74b262dbc83574073
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72011E75716641CAEB8CCB95E8D039573A2FB84F80F58E625C959C7320EB79C4A5C300
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000001.00000002.3243132977.00007FF756421000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF756420000, based on PE: true
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff756420000_zapret.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                                              • Opcode ID: 3dbfd2c1936c92fbd2e485fbfa29ce8a73b4ff18287ad241fd2ae8f5dafdf3c7
                                                                                                                                                                                                                              • Instruction ID: 01a03b573b5b7c2cd3e5edcbf06c69fb1ea8e287a4a66ea9ef3254fd7f7b4ad7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dbfd2c1936c92fbd2e485fbfa29ce8a73b4ff18287ad241fd2ae8f5dafdf3c7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3F08211F0B50685FE69B661A8103BED2146F51B80FCC4030CB4D27E42DE2CB6C28320